Malware Analysis Report

2024-12-08 01:05

Sample ID 231111-l2w4xaea83
Target 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
SHA256 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
Tags
mystic redline taiga infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212

Threat Level: Known bad

The file 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence spyware stealer

RedLine payload

Detect Mystic stealer payload

RedLine

Mystic

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:02

Reported

2023-11-11 10:07

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 4352 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 3204 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 2852 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 3360 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 1456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 1456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2064 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2064 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 3100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 3100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3680 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3680 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 1632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3360 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2820 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe

"C:\Users\Admin\AppData\Local\Temp\3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x164,0x174,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5505288065453447413,17910814454724191654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,11202138363109583833,7690141913586163956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,11202138363109583833,7690141913586163956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,5505288065453447413,17910814454724191654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6596601450232069050,8788941141903473451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6596601450232069050,8788941141903473451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12726829050649750424,16233801987224539840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1540013800155242042,17412256316358264078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1659116180900583426,8822715049918223448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffad14446f8,0x7ffad1444708,0x7ffad1444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12726829050649750424,16233801987224539840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2696 -ip 2696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10284 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1700 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,368547880756813987,11437345071755947501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 254.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 23.21.113.241:443 www.epicgames.com tcp
US 23.21.113.241:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 241.113.21.23.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 93.184.220.70:443 pbs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking.epicgames.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 play.google.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 c.paypal.com udp
US 157.240.5.35:443 fbcdn.net tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
NL 142.250.179.131:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 23.72.252.163:80 tcp
NL 23.72.252.163:80 tcp
US 8.8.8.8:53 udp
NL 172.217.168.196:443 tcp
US 8.8.8.8:53 udp
NL 199.232.148.157:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 142.250.179.131:443 udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.131:443 udp
DE 172.217.23.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api.hcaptcha.com udp
DE 172.217.23.194:443 googleads.g.doubleclick.net udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 rr1---sn-ntqe6n76.googlevideo.com udp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 6.28.194.173.in-addr.arpa udp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.6:443 rr1---sn-ntqe6n76.googlevideo.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 172.217.168.196:443 udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
IE 52.111.236.23:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.131:443 udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

MD5 ca6e2773784ac10e37484c11ac990fa9
SHA1 acc832c8af21c2670a51a042dae5642325fd554d
SHA256 7a80ed70e6a9d3aabe8e7cebec48c65a3a62dae644b5d72234bb0f14cd9687b4
SHA512 0bd37dd84d834a01f10576b67caba6d9021e3e032c11550e404d22f2520200222d16f731c41926b03ec54c6f5ef281cc5833e4adab92625ef8e389ba7e19d17e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

MD5 ca6e2773784ac10e37484c11ac990fa9
SHA1 acc832c8af21c2670a51a042dae5642325fd554d
SHA256 7a80ed70e6a9d3aabe8e7cebec48c65a3a62dae644b5d72234bb0f14cd9687b4
SHA512 0bd37dd84d834a01f10576b67caba6d9021e3e032c11550e404d22f2520200222d16f731c41926b03ec54c6f5ef281cc5833e4adab92625ef8e389ba7e19d17e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

MD5 f5466eaab2fd1a07bc02e9eb64ed7ad7
SHA1 cac9130c9303a97cd62acdbb6e56f9c8665ecb2c
SHA256 ce483fdccf2bcbe0359fb7208876167a0ef6e897c32f5115bee5cd802c58823a
SHA512 16b79f87cf4824839f2c81514b8a6a4ac880fe2b89ed147fe2bb0b13ec55d6627a832e507a0c189c117605caf1f562a3e49ce8e347d3287ecb0ab92766b23ff2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

MD5 f5466eaab2fd1a07bc02e9eb64ed7ad7
SHA1 cac9130c9303a97cd62acdbb6e56f9c8665ecb2c
SHA256 ce483fdccf2bcbe0359fb7208876167a0ef6e897c32f5115bee5cd802c58823a
SHA512 16b79f87cf4824839f2c81514b8a6a4ac880fe2b89ed147fe2bb0b13ec55d6627a832e507a0c189c117605caf1f562a3e49ce8e347d3287ecb0ab92766b23ff2

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

MD5 60dd201bc7d2074f64681ab5b9611fba
SHA1 7ba295310961de0f929d825c5ed976ab89f3dc5b
SHA256 2f4d9bf2477ad970e556620e0033ac02cb4c9e58a72dceeaa26e2d68552f962b
SHA512 d66312cdc9541a77c4b688e940e47d1672065b6aaa215d2dbbb516a7f7b9b477a4d84bac1222b5bb5afc17206cb31a1b62a8dfc93169f64ebcd04c41c9638533

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

MD5 60dd201bc7d2074f64681ab5b9611fba
SHA1 7ba295310961de0f929d825c5ed976ab89f3dc5b
SHA256 2f4d9bf2477ad970e556620e0033ac02cb4c9e58a72dceeaa26e2d68552f962b
SHA512 d66312cdc9541a77c4b688e940e47d1672065b6aaa215d2dbbb516a7f7b9b477a4d84bac1222b5bb5afc17206cb31a1b62a8dfc93169f64ebcd04c41c9638533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2064_JMHJJLLCZKAZGOLZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3484_ZWPDFNBSHOPGGUYQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2080_SUIHXTPQFBHHYLEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f56fb563-fc09-41b4-8e9b-e78cf0e9ae53.tmp

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17b1ad30450e3afbdd3ef59f885c8f8b
SHA1 1279768ee831ab8a12855cbbf5b07432049660af
SHA256 0ff64b08e571ce4d9ad9979d5dffa5fe364122a3a4fe496087a59c1d2eac888b
SHA512 d9cd052863d140d6aa18326fe906df14ba68c5fd382dde5bb509ea78bf77d4ef431d62c0e8717205794d1e6ab0286a984c510a5b8b4525db8a56abc094100e1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d503c539990db94f42749ec98481021
SHA1 221da9e868c25213d8a59c3592a1f308915252c9
SHA256 7a256710fc8d84714a77d4416429dc4bc021501dda263fa6191fac175b756f91
SHA512 3b3f657d30714b967db27f8c21d8bf972aac159e38fa6c9993ebf3c01b8b88f3d757ac9303f663a8dcf128212d3c62ec62232474f94ae462ce1b208b300f45e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b3b5445b7a501ee421bda88669eef1f
SHA1 3105409061a1d3f7291711e1f050c7e5e5f984d4
SHA256 de40663d8400a91fe210722b691b86acf0b988a8e77de5e676ba142dd05b2c10
SHA512 720722ea237084d6d9c7f198bdb6e9099b036fae060affa6dba83d119a1fb3d90640c8c2e4e3b0c422031bbd790183b8032b7af7b8a334a1e1d77b14bb733a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e81abd81c69defa66dc99b6b7bf3a37c
SHA1 48c2788a131d1345b4b013a9b32165ad5aee2981
SHA256 34bd673eff9ebfb95018d247344fc951d4bccb819a95c0065c4a2ddc67e23cd9
SHA512 1aaaa8eca7e31ca86e49d9e087c9d7404503f9b3adf9a49ffaf6e80e5ac5eb2e782ce36be3e06ad3a4b4cbc2a6a080356c997b3f878c8185554d8a560c86ac19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e81abd81c69defa66dc99b6b7bf3a37c
SHA1 48c2788a131d1345b4b013a9b32165ad5aee2981
SHA256 34bd673eff9ebfb95018d247344fc951d4bccb819a95c0065c4a2ddc67e23cd9
SHA512 1aaaa8eca7e31ca86e49d9e087c9d7404503f9b3adf9a49ffaf6e80e5ac5eb2e782ce36be3e06ad3a4b4cbc2a6a080356c997b3f878c8185554d8a560c86ac19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9212e72a41c8234d09a61e10d5afed98
SHA1 2c0b58493b7b107f11becd27f8b6a5bef81b0b89
SHA256 8ea6c3a7c6edc8669443db33876458c042070ade5bbc3524324b6add200c11c8
SHA512 93355b7d9d07a7620abb14339a47f993537a29b48526e6cb578d5e3f99e6c1005586c55634d586e009ef35b822ea1234dd7f68e8820aaeeb7da8cab76ac8b405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7303e8e321714bbab8b7a5eeb35b25
SHA1 5337eb26de86d91de94a0f9a5e577aa0ffa8e115
SHA256 8bface407b92b1d41067885030b19ee404dfc8c526038e0f133124791ec9fc6d
SHA512 6376ddb343fba7008b241d4998aa8afcf5e22eed4dee16d78c5f64cac537ef62bb848af72cdf481c7953e9b5a0c33cbd32f2c81a26f83ef1c71f15cdad3e6898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfb9d82d29c7800d9ff895c30d4ec17e
SHA1 d94cacd1f0610b9d01f870c4f7e2c8e0fd1f3f1e
SHA256 6b4bd8324ab34587f17bc814c4fcb2e96a787909bcf5f4e53bb41cf127ef6639
SHA512 cf7a2a7d0c6f6f8db6d94aff0c488611cbf265bb6f4d10cbab56c4830ed417602736cb3b24f2f2cc12a33b2ac5c9fd23cb945f31ea022cc08e1a7d8d8bdf180d

\??\pipe\LOCAL\crashpad_3680_ITMWGVYJVWAAGVGX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2820_JRSNEPYMXWMWPBFW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80943db86800dc2d04b4f6728987e236
SHA1 53640bb9fab5317a68ca741b92b98f656c5be4fa
SHA256 4bcaf9bdfb7c757220a78be8d5ab29880b03ce0cb15bdb18c4d391542a87a7c5
SHA512 3b17632365753da9ecb07f8c97be0f33657da39ba8a4a0593efbc6146daaf1d08682bf8c5858a513f8e6e85b1e0982ca30fe9760343ae1ad049ce0a1d946f20b

memory/2696-442-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-445-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-446-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2696-448-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f8a726850fcb57cf229dbc351472f43
SHA1 2ce6fea0168539a751f75259a4b1064049fa0894
SHA256 72f1a1f575495916d5f77e495eb36121b84f91849c2662f91dede16046d73ceb
SHA512 b3b787acade07efba0880de64b8ff44a17fa99ebad1d42e26b0ead84c288d812a1f527605586bf240f83edae9373236aab16d5c24de99d3f4ddf806fd563dd69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80761e766dbe574392bf10eb95b7a059
SHA1 bc0d1dd68550a27267d45d7c72e5c0e7ac5cc70b
SHA256 3099f909e08695310c86b7f47ef26c251d94bef825cc733d71b533127209cc01
SHA512 9968513f47842359a11c1d27a53b8010803f5f96296ac28050589c628606f3fbe89a60ba9b099290c4c5349c976ce8675f0717c6fa1738dd8b5ff136b20e1f18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836f9.TMP

MD5 be8935f2504ad9bb6d54e635e36bac5c
SHA1 da7793442d42dcc10671b51686eb9e34cb39e2c9
SHA256 9aa7144ca6b607f18b8af07cf0f78c96ad8f99a8c9720b0bb07d5d034b2fb211
SHA512 ef3abfe64cadfa65e3676a8a5f0ff8eba9582cb96ab606f4928a95797189cfc7fa6377a586859517c99e28fe2eb51ae7d22104baacc6119946f40bfe5f2939e5

memory/1788-620-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1788-626-0x0000000073DA0000-0x0000000074550000-memory.dmp

memory/1788-627-0x0000000007AC0000-0x0000000008064000-memory.dmp

memory/1788-628-0x00000000075B0000-0x0000000007642000-memory.dmp

memory/1788-629-0x0000000007830000-0x0000000007840000-memory.dmp

memory/1788-630-0x0000000007650000-0x000000000765A000-memory.dmp

memory/1788-631-0x0000000008690000-0x0000000008CA8000-memory.dmp

memory/1788-632-0x0000000007950000-0x0000000007A5A000-memory.dmp

memory/1788-633-0x0000000007840000-0x0000000007852000-memory.dmp

memory/1788-634-0x00000000078A0000-0x00000000078DC000-memory.dmp

memory/1788-635-0x00000000078E0000-0x000000000792C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 07183ae7646c524f169c810aa5f55bd4
SHA1 20706a5fd87a57d3cebb2d8e41b7db0b743e1e45
SHA256 a6eb6805c9d317836aa0fe8f71c5fac208621c1eab9d8ba01b4452172bdeaef9
SHA512 3c0dda631767c38db8e310a160b3e73da03092287e02adb11a654ef11ec9b7a782ac6b5668a069c71833b289c6ab4ea71e36b50f1a709ac028760a2c9470a883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe585270.TMP

MD5 17b83dea044b5fbeae2013fff8f48921
SHA1 12decfd4423849e567f6a649e5043c2a6e421fb9
SHA256 62f0546ccecff45e99720a442a5d9bb68b2583f4d8715a5b9f1d84a7f3d150ac
SHA512 4e25ad6c383443d2fe92fdb5349ebfd2df0b2cec0a42c5af8bf682111158d1a4e64187e8fd58fc8dadb10c508014c02cba08396ad45c5b03599cb96bab220f97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b474bbd4483247f43ad38af24f55a40
SHA1 c8686fda4550f9fbb9b1bd785d253b21d9cef1b4
SHA256 a1f0adb7b85e90ea881a0ee4da6b63abbb913459d971865d383d889e0780946f
SHA512 a36bb6e469c63471e632efd63aad5b14ed08f6200e7b490b6f376b95b8c1b28b1c29c3fd1bcf02b353d75df5a1e3cc9169a757472f2694ead902f56bdc403787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/1560-975-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-978-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-979-0x0000000000400000-0x0000000000488000-memory.dmp

memory/1560-981-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98ed8fefb860f3ac91725cee3b3c8ec8
SHA1 012d01fc75530b3afb6cac55d0780c78cdd5db70
SHA256 c859b3b5ce788f87d6e5da844b3b1423f96b10831e548a7f3c4bebdae05188eb
SHA512 d767773b44805eb2f42158e1fd9fd03e87eed7ac27fc627338b16267f0f45ccc7a411306147b7f1b56c5e2f47f6a57889a438a2014479f7599dd16be64eaf645

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5b214e7f0f53efefd26edf1adb174594
SHA1 c12e2bf14ffb1b78fed86ce2160460943d17b094
SHA256 e4105498170c243e03a05026d428f6c143e27b312a7a1c7ded771959a2b839ca
SHA512 714f296ebcc0294d1824e9e15c6ebc625f0224fcea8c828052f47d57341ce331762a6b55377fc3c77da97512d76e832922ef6590b370d854916b7b6f907c77e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e316c7b8181761b0c06d4d3c8ae318c
SHA1 dfe1592def1979257ded0b0bff2e9ac3681d179b
SHA256 40881d2b41f55ae48470cb066bdcaec40b6a5f5bb88340f4bb3a0fc86e9b3275
SHA512 78f259a6268387264ca2c7c9100fb8379d85593196dfadc1e5e3c36aa3b6d84b725d24fe18ef2b39ca19f810b33eeb61a418bd8e72f087b76c7c4faf9c49b14e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a154aea2-e329-470c-824e-3e517f0a3f6d\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a5759d9c7968ae22b99af2141888ef1a
SHA1 8027f7be79df9f682fdae9ef2d839ed45f054c69
SHA256 54a73034f6a6b58e452aac58566e11f9cfeb08e26cc30989b6473c1a522c2cc6
SHA512 8e0d20c48155471ee70756cc659a9a5306cc2374094cbce0be34ffa0a1defeda18829008aba02e2eb56977bde71744889136996b417aaf64e64d384dcb719017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bebf1a0ac636a440f5019ed874a163f6
SHA1 cd9df21f36fbbd035a01493e7227ef91de261e68
SHA256 e48b05c3dc501a54ebfae178569fa6d6198ec6103b280acc9390f93fb31b3186
SHA512 0bcfa69956fa190951e9e3a662b7fcc6133b3394c58afbabb5664eb4838ed34abd80a55027d09200fa555a7874daca84eb4ad092572768ce56386ba3d94f1df1

memory/1788-1149-0x0000000073DA0000-0x0000000074550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2b9d8b5269312ff0030bc7fd68445244
SHA1 02e41271b2d60d4df0258fab0e64481d1849bfe4
SHA256 531dd2119cac5974fbd005650d514194b4850038bee9058807d342932615801b
SHA512 afd62321dc08ae7b79f6df7364db51cdc8c4cf591f1291ee63e9911ff9eeb1690f202b7eb47d03fe6e8d3b328e998f7a26ac9ee6897f9d269db903a1ee549dfe

memory/1788-1271-0x0000000007830000-0x0000000007840000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index

MD5 143c2d235efc7c2abf8208e513f527c2
SHA1 406f74a3abb5ad11a7e331a6b49163ef9662887d
SHA256 1fdcaf87ab9b084f733ea9c242773bf884dfa557011fcf12f58082bfa0949d9f
SHA512 1a10c0bd8ef757a536dc4ad3818a0fefc9f5f2a5a9a22888ba91c683f4750f3f27ec878a6a17b61bd163d6a5283245444356c31e611e885dbe0619832e9f1d39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74b9b93e-1bcf-43fd-852a-441baca7434e\index-dir\the-real-index

MD5 ee79ecfb9f6062e1078f498b1d55dc01
SHA1 d484cfa59d3c4f0298b9ab0c297007d7b8969414
SHA256 32c40b65bcaa3393b275b73d4b7651493d526292cc07623f081c7489bbc10030
SHA512 e56fbc59dc839193cdcf80e03e369b3a22d37530795a85da3f734c786ced277dff98ef841fbacea678f46367d618e01b9799869a28dc04792f5cceab08633c64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 030c769d706faedc6e62a2263b0e24a7
SHA1 9eb8e232818d6f747ee1e14ecb7f34178373d616
SHA256 32fa90f7de44a5ff6dfe2ebdd21aac57abb841d479ea2ededaeed98a14657d99
SHA512 4a20e63e033ac3d90476bb1b9f356b7f9b9256df79a3c37dbc1f76b0c2c78ed64cecd017096f3808e9670c2708c1066a29206ef1be7e8ae937c4146dff0e8385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc45501f63c7daf6af23494353506b88
SHA1 5d0c5cfabdc6cf6eb51ada6053bf7e01750c90ca
SHA256 48176d9de7f3b372a5ebd10dfb29567ad82d2e52e83cb23830f1780a92d86bc9
SHA512 0969b4f839ce84fd0a0cafcf8950d3a2641ef099c5b176a8e1db18da876f882e1ceeef92451a9ca08f8edb3930899800a36f0f1eb1e7ae29360f9f131f39ab50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3a6eb0ee8956e3920c8083a13aa4ffa
SHA1 235ffa7e0b68bc814e19e79d5c10ba7023a87afd
SHA256 306d4e51d04c24f63813da2953f4a69fb1f2fb41bdeaa171556911e67b0d92d6
SHA512 2cb0e4462a03301f204b49c604797cb3261ba1c002397c68dacab88de02d36d58b0f2e74b1be0dba6526dab61481d27a549792cc0dba0b141c0ad04d2986d0f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07c219d789b2035dc3484cb26a8d99e8
SHA1 11d4334b480693f25112d66fe386a8399f088303
SHA256 dbd4f0fbc5e38bd49700f97c097cbba95979dc8f95452136e25f2c7b0f9cc879
SHA512 f0fc10148aa7c407351386446f93afe8f48bf0c31be81b4b7733c8896bbbabd680d171338bd1c4d4db6a05ae24f13215562be07d207a2b0fa19a965ce1fe4120

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b8c0aea093e15b963ace283a0e19343a
SHA1 7046b9b6d05814057e21ccb9eb300ab58c9d1d6f
SHA256 d52b7e362a3d3ed4d21f6d5f8837582105df020590d897267a81ad635c479313
SHA512 adb8cc711ac222a1a775835d4618f8f35c782ee27bc871d545f4f6924e0003849fd6e9445164c28faa4fdab3fda82175bd40da7099857726d17afc112970bfaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ecdc.TMP

MD5 0d065a9c2efab2d6f2222a1eecc6c851
SHA1 893d46256e4237df0395794f08679a0225192116
SHA256 ade0a3e1c0b11a061a4a740c03084269d825d152ebf7ba5a5789316dfa5af38e
SHA512 255086cd3386a4136f84faedf288f9f565cfb69174d25da295da7222039a2ec223950d17d8fa830af211a4b87cff022c2a1d37bb64ccf32e3dd619e0b5372b5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 99dab52d7140993d897279053bf3a82b
SHA1 b5f0e4ee0d02f6338394e196f5d6e01dbaacf7e8
SHA256 1f6b1f00af4405e519959b407180e384c68c00fc0b016152341304ef29abc40b
SHA512 69521d3778e3ce156c7c944c2c0a7a44eab640492f8a3483e99436f90c42899cf006dc38a5c7b2086e3a0146592e08ee3b308c9446b8ee20b263d2bbab6557ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index~RFe58fbb1.TMP

MD5 d03504fbb262ea7150595a52d2698f65
SHA1 904079d2d0107b72ed674564d0b425280f56941a
SHA256 eb43d17a73b0faccbf3d2cbc95820bd91663cb4c2efd962389b268945a41e187
SHA512 e154b2e8a8d23275fb2b3206d3645582af919eaeae5e8abc88036529dc73f9e9012a2e15c12a31410afef799c7a46b73d3f6b956412e98b8965846baeba429ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b2aca79b2726cfe36409104c4352cf38
SHA1 6effe79587a6670b6f4a66638611861fa53de7af
SHA256 d34026450f73c13834d82c74985d6b98953f7faa7a4e9a45db20d80b8bfe64cb
SHA512 630e75a0ef61e09cb359633652ab81cfaedf4d6831913ae91f03a30b0519e0d458e37b9777a9169c118123f02244254f0306f119fc3eed4354cb0b51ef65ac0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a41bd1f-f490-41a6-948e-055e09318bf6\index-dir\the-real-index

MD5 947dcab6938408fc57766d7688b27dda
SHA1 2c9afcbeeb2355d458cec84fadb9e4bb40ae44ff
SHA256 b6d4f9c8a2bf93a421be7d6a33bfb4a6620bbe26836af8c0a08b2c099093399e
SHA512 6624d19c28006414a541f82399f743b1f83ad51911d2bea1b1800a9bfbaf9eb247fd5809b439a97c180213b53f848c9456356c735740b9415071e3b0c93b28ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 09796f69f392651f9d505cb64b9b6486
SHA1 7ebb55d3d8f4fa0e6236b27322dbc4a343d35678
SHA256 745012efa5227dafc283679fa69d4b34c1b9f77908ba4e69f5d8fd15f34d2b1a
SHA512 b1efe46782b9dbade54148d6de3726328a9ad915585b3cce3d8b5d61dde65c4000208519568e37da15cde565d587d44060394b284172985294de0ea51c4f50df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4793ac47-911a-4015-8f80-3c4631a74c66\index-dir\the-real-index

MD5 778ad7ec697fded2b8bc5e1fc3a487cd
SHA1 4202caa09c7397c20f05b7f7d818d6e5a4f78ce0
SHA256 ed5fafc2f635ea49555f5eaedfb2d635606077402c9bc56d9b01a30315190137
SHA512 1ea026659545e389fbd7fcbd8411d3f60150577b9dc49c2ea03dace36f456a4447ba9d8fe3a47e286fb0a4cfa2651a04a1bc67a91b056ccab5a8fb16c784f5f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 91fbc772f4eac8b54ce93f75744c5780
SHA1 1fe381cae85a27aa0defc10084b4503a0131578f
SHA256 c472e8b7bcdd22272a0a085741ad13f3dc7084a35d1c6692c7b08aa6a2c0f073
SHA512 fce877bdb7d6d533f76c8c17d8eb775bc3a0637e403328681ad9a438752d79f2b3bca2c5a162d78522671a92656fbc98f8a302e511b9865af5d413c433231cdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1debbf97abc0431763c5434ec77f2b1f
SHA1 7e8967501ea5a23e710629b0a268ace35edbb7e1
SHA256 31d0c5721c8b65f8acd8bf8ecaf91b6a514dcf190fa59d5bd1d02ca143c23030
SHA512 b3d72c0d378115c8820bded28055943787f5356f710bd4d93d438444039e01b0ccf13374d78b05828a3ee468b66a19abfcda582349d401ede7598490f0efd0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29dfc62172484eb9a6dab9191e04ec35
SHA1 90de7adc1f2b87c518011cfbe443165e97197057
SHA256 3464474f8085b663f150c3e2fb5f9c6b6ffddbd8e8fff8df3cfd674558c32b61
SHA512 55faff1c76af7d8389e3de9050f04a373725dba5dd8b4094b4fb40af069edc44f46eb34bd66af176d0f85ec49f173602c9b93a8d2cced405b131a47e89d39b34