Malware Analysis Report

2025-01-02 05:02

Sample ID 231111-l8kz8aeb83
Target NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe
SHA256 468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce

Threat Level: Known bad

The file NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine

RedLine payload

Mystic

Detect Mystic stealer payload

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:12

Reported

2023-11-11 10:14

Platform

win10v2004-20231023-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3268 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe
PID 3268 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe
PID 3268 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe
PID 408 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe
PID 408 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe
PID 408 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 408 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe
PID 408 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe
PID 408 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe
PID 1768 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1768 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3268 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe
PID 3268 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe
PID 3268 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe
PID 2952 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe C:\Windows\system32\cmd.exe
PID 1412 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2780 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2780 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4048 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4048 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4048 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4048 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1984 wrote to memory of 4132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1984 wrote to memory of 4132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 3880 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 3880 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3880 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3880 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4292 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4292 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4512 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 4512 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1412 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4504 -ip 4504

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CA45.tmp\CA46.tmp\CA47.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff224e46f8,0x7fff224e4708,0x7fff224e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2152979330152235253,12990678289848254455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2152979330152235253,12990678289848254455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,314689070392238239,12083892292986154285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,314689070392238239,12083892292986154285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5269321813412478769,9219668410592321544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5269321813412478769,9219668410592321544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,8576516682698785990,3837610913256946045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1525416334034028450,15206624504488660750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1525416334034028450,15206624504488660750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8576516682698785990,3837610913256946045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,363561516614289278,12720414520400308831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,363561516614289278,12720414520400308831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6209764115613471051,10132958676180708552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13423430951089382006,6177813233367215403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13423430951089382006,6177813233367215403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6209764115613471051,10132958676180708552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,977231619067911941,15394175500112069043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,977231619067911941,15394175500112069043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6720 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x500 0x150

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14475874413620933402,2886044696998253358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 65.252.72.23.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 3.210.187.106:443 www.epicgames.com tcp
US 3.210.187.106:443 www.epicgames.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 106.187.210.3.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.159:443 abs.twimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 abs.twimg.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.72.252.171:80 apps.identrust.com tcp
NL 142.250.179.182:443 i.ytimg.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 i2.ytimg.com udp
NL 172.217.168.238:443 i2.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.51:19057 tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 rr1---sn-5hne6n6e.googlevideo.com udp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 230.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 104.244.42.194:443 api.twitter.com tcp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 52.3.28.207:443 www.epicgames.com tcp
US 8.8.8.8:53 rr5---sn-5hne6nzk.googlevideo.com udp
NL 172.217.132.138:443 rr5---sn-5hne6nzk.googlevideo.com udp
US 8.8.8.8:53 207.28.3.52.in-addr.arpa udp
US 8.8.8.8:53 138.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 api.steampowered.com udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe

MD5 dc3596c72e5617bb947614dc3078c8d0
SHA1 56b03629018ff7b94dede121254958d5ae7e1c87
SHA256 db94fde172a6827fd40276e0a06da12ef81cadbf77223a4bd65c76e6c788a1dd
SHA512 8f7ec685cf05cc69ecc2582656cf5850d6ffb4d4494fb6f150c8afcedc1d051034ed314d44f9a5325bd5d980b225cd07291fad2bca090cd52652391f7da3d500

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kH4fI79.exe

MD5 dc3596c72e5617bb947614dc3078c8d0
SHA1 56b03629018ff7b94dede121254958d5ae7e1c87
SHA256 db94fde172a6827fd40276e0a06da12ef81cadbf77223a4bd65c76e6c788a1dd
SHA512 8f7ec685cf05cc69ecc2582656cf5850d6ffb4d4494fb6f150c8afcedc1d051034ed314d44f9a5325bd5d980b225cd07291fad2bca090cd52652391f7da3d500

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe

MD5 5f5aa93efda01fc70a1dde8efb17e7b8
SHA1 0aab1e022d39d523a8d10a01f6732f0c900e4d67
SHA256 951aae575ddab85a5ef7772face2d5bdc40ccd36133534a821a5eb4f0b8367c5
SHA512 a12fc206adfd6609e0166dd90d7e79a94bae1090d911cc753bb237d6477992c21187d67ea5547a38be675abd7b709da2539efedf8aa7dbee04025018b687bdf9

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1QB42Wn0.exe

MD5 5f5aa93efda01fc70a1dde8efb17e7b8
SHA1 0aab1e022d39d523a8d10a01f6732f0c900e4d67
SHA256 951aae575ddab85a5ef7772face2d5bdc40ccd36133534a821a5eb4f0b8367c5
SHA512 a12fc206adfd6609e0166dd90d7e79a94bae1090d911cc753bb237d6477992c21187d67ea5547a38be675abd7b709da2539efedf8aa7dbee04025018b687bdf9

memory/4504-14-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4504-15-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4504-16-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4504-18-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe

MD5 3c2de8f3c980f7293a52366f7154174b
SHA1 f28ebbc07509a9bd08d85171fb35a6d09978b8c2
SHA256 00264b16534ebb91182d50206c870a98d1c9b5c9b579b8d57fd1b7e1055268c5
SHA512 dc96e9c173028e62f1303311b57fe39df0952f0f7aee9aa1a784c6196960d69014e07e431b188a9e9344e4893d2fd5f9b7e2ef248359b0f4c249bf8fc2f4ffe7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2yC2483.exe

MD5 3c2de8f3c980f7293a52366f7154174b
SHA1 f28ebbc07509a9bd08d85171fb35a6d09978b8c2
SHA256 00264b16534ebb91182d50206c870a98d1c9b5c9b579b8d57fd1b7e1055268c5
SHA512 dc96e9c173028e62f1303311b57fe39df0952f0f7aee9aa1a784c6196960d69014e07e431b188a9e9344e4893d2fd5f9b7e2ef248359b0f4c249bf8fc2f4ffe7

memory/2412-22-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe

MD5 5b9e2b1fac6adde4f0477380dfc9e10f
SHA1 ab381fe2564a73db9fec15fe9b56779d0513b740
SHA256 652be51fb47683b251b056f37752c653a268e613f25c19ed8e20c16cd82b4e70
SHA512 4c540ef256cfcc634f7551f6fb07a091a2f2dd7a7cc80ca605e618351a0350da837c77889e0587942642444f97f8c56403a7b2f28264a99851f7bb629b5734ae

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ae4CT18.exe

MD5 5b9e2b1fac6adde4f0477380dfc9e10f
SHA1 ab381fe2564a73db9fec15fe9b56779d0513b740
SHA256 652be51fb47683b251b056f37752c653a268e613f25c19ed8e20c16cd82b4e70
SHA512 4c540ef256cfcc634f7551f6fb07a091a2f2dd7a7cc80ca605e618351a0350da837c77889e0587942642444f97f8c56403a7b2f28264a99851f7bb629b5734ae

memory/2412-27-0x0000000073DF0000-0x00000000745A0000-memory.dmp

memory/2412-28-0x00000000080C0000-0x0000000008664000-memory.dmp

memory/2412-29-0x0000000007BB0000-0x0000000007C42000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CA45.tmp\CA46.tmp\CA47.bat

MD5 119c7ceedfa38442f451868912023a7e
SHA1 a1100c253b32765e82fd073edb9248649c61a7eb
SHA256 b71eff09c1c9883c24ae2238214dc366cf551a5eaa93e5424a8837bdb1ff629e
SHA512 a1bb621894c9fe821bf073daa94bd68ebb3aad1fc9fbca91ca708a960baf630cd08f74041d151974f9e4b135a4f3656b4acc6c449f6f05ec4924fdb00602bedc

memory/2412-31-0x0000000007B20000-0x0000000007B30000-memory.dmp

memory/2412-32-0x0000000007D90000-0x0000000007D9A000-memory.dmp

memory/2412-33-0x0000000008C90000-0x00000000092A8000-memory.dmp

memory/2412-34-0x0000000007F40000-0x000000000804A000-memory.dmp

memory/2412-36-0x0000000007E70000-0x0000000007E82000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

memory/2412-38-0x0000000007ED0000-0x0000000007F0C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

memory/2412-45-0x0000000008050000-0x000000000809C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_4512_PGQSOJDGFBWPEUXR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2780_OWUAFKIYGHOOIJKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_4048_DQDLNBIRNURHCBKH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3892_GAHSIVVSNXOQVBUH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1984_WDGCVWMASEGLYGVB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1640_WFPZOEKRTRHVGNCT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_3880_WVWKEWVACUDPFKDN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f9baba6a-7b76-4c60-afac-94c96953855c.tmp

MD5 df79c407c4d4a365d0b93b95a072c3cd
SHA1 82c4e295b727dcf0945263e5d8d5ab628cde97e3
SHA256 0dbd7788b191d2a6ff842b33b602eb1e4e55a1753d6d8ede0800023e933e36cd
SHA512 fe6a4f9d61cc3f023a534e01dea893ad8d83e441ef5502e2f861a34da9c180277bd26e02236ff5c29d9cdbdbc9eae0d0fa59cad8e7c4d837f3e3c543b7f4a667

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f195720248e830c93389bd9537827a6a
SHA1 cc51d32ce277e1099bf29d9b466678e2a7ecf15e
SHA256 ecb640da58b94da378f1cdf6d20a62c34dc13bb6e13d615d878fa38d6163cbe4
SHA512 de421532792eef360c2f21fbf7ef52d81ec60b8dc1c74046bac0a730b85d6c01a77c7d0c4be74e83a5693c93042f02df978c2716279b9cae83391d23bf66b574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2f5d0e5f-165e-4972-90a4-4b7362f805bd.tmp

MD5 ea49cdebee08f22d900fdbf0ed4b5199
SHA1 2a331e6cd00d054bddbeaa2d59d82be4b73c4321
SHA256 92855d531c3f2ea5df428adf2e7ceed46843083ab9aefcbf2d75e20c94bac045
SHA512 fb3126342d569741e9ac0f926f2a0f6acde4f4c735e2c1b5f766f35d5531a1d9a7cf4fa38715403abdac2294438dffee01d2d301e0237a83a87469f657f5e3de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f07045a0-6507-484b-84eb-959dd417aaf4.tmp

MD5 faad49a82d8f781de2b447410f653cb2
SHA1 8eb8163d0924fe5b26c2c54407beda7483e5c05c
SHA256 4f42e560c15c5e0da5ef0ac48a8da607a218bd892aa1e4c61ef05f52c6ff89cc
SHA512 741df067c89b9c877dda396863e7688447830dd57ea6c059f472188c22006fd21129dca45c993d06da1a9c4bf1a9eb254e2068e8ea028666aa7c7c0f47aac41d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0e140420-f649-41ef-b12a-5eeaa29675db.tmp

MD5 f195720248e830c93389bd9537827a6a
SHA1 cc51d32ce277e1099bf29d9b466678e2a7ecf15e
SHA256 ecb640da58b94da378f1cdf6d20a62c34dc13bb6e13d615d878fa38d6163cbe4
SHA512 de421532792eef360c2f21fbf7ef52d81ec60b8dc1c74046bac0a730b85d6c01a77c7d0c4be74e83a5693c93042f02df978c2716279b9cae83391d23bf66b574

\??\pipe\LOCAL\crashpad_5348_XJBWFARCMRAFTGSK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_448_WWMEZRZJGBDLIBPN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4292_ZLUNWSCQBTHQEHKI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f195720248e830c93389bd9537827a6a
SHA1 cc51d32ce277e1099bf29d9b466678e2a7ecf15e
SHA256 ecb640da58b94da378f1cdf6d20a62c34dc13bb6e13d615d878fa38d6163cbe4
SHA512 de421532792eef360c2f21fbf7ef52d81ec60b8dc1c74046bac0a730b85d6c01a77c7d0c4be74e83a5693c93042f02df978c2716279b9cae83391d23bf66b574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b9354c27-2361-49bd-9dbb-d40c7362d13a.tmp

MD5 9feb70f83f1fcf74de357dfa7b4c3aee
SHA1 9946ec32984c676212a4a0484e4cf7f1b9e746ee
SHA256 5f3c1143d5a3f58852b795d2970d0531a5947ba06c6c8d478b11276596c5166c
SHA512 10dd8336a1cf6d71f15b9e8748b4800a8f3f9a7a84ac7d68dbbf0ba173bc53c7367cf5e0f7d89d12e0b37a7a6633a58e1f9606deb267e4e696d6ef4942d14d34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df79c407c4d4a365d0b93b95a072c3cd
SHA1 82c4e295b727dcf0945263e5d8d5ab628cde97e3
SHA256 0dbd7788b191d2a6ff842b33b602eb1e4e55a1753d6d8ede0800023e933e36cd
SHA512 fe6a4f9d61cc3f023a534e01dea893ad8d83e441ef5502e2f861a34da9c180277bd26e02236ff5c29d9cdbdbc9eae0d0fa59cad8e7c4d837f3e3c543b7f4a667

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e02dbec7-8bf6-4758-9498-b61372e9001c.tmp

MD5 9a3a875f899f1da5192bc77fc9427aab
SHA1 ca8f111dfaf9f9af0703c172ae136f8b796e04bc
SHA256 0dc5405dcebc5b553262c56cca0f1fc165d8d8f58eb61dbd95ae08fd6a71ef26
SHA512 c22f712de8daa75eb7cd0a8a4e898b3a11fc2d031fde03392190f94f517fc76bb67f058d6677c0dd6ef572a2c7fc8bc62ff45abfb8f5fd563cef97d91064b56a

memory/2412-232-0x0000000073DF0000-0x00000000745A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 faad49a82d8f781de2b447410f653cb2
SHA1 8eb8163d0924fe5b26c2c54407beda7483e5c05c
SHA256 4f42e560c15c5e0da5ef0ac48a8da607a218bd892aa1e4c61ef05f52c6ff89cc
SHA512 741df067c89b9c877dda396863e7688447830dd57ea6c059f472188c22006fd21129dca45c993d06da1a9c4bf1a9eb254e2068e8ea028666aa7c7c0f47aac41d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d5e7a64d2e7ed2ce64a1b9131d248a1
SHA1 45ff24e15382d3ba9f0e647a4dfcad04bb4719ff
SHA256 7c789c0cbe73b27a50d5106552be41be036cf0729c9a48726a1b8c98a6e3ee06
SHA512 8eb107ad14350139ae07b2416903b691ba34886a28977a9892462fe569b16400340cbe732be8c9fc6e565aafc496ccbf518c6df2b7ab790bd4bffa78203f5848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d5e7a64d2e7ed2ce64a1b9131d248a1
SHA1 45ff24e15382d3ba9f0e647a4dfcad04bb4719ff
SHA256 7c789c0cbe73b27a50d5106552be41be036cf0729c9a48726a1b8c98a6e3ee06
SHA512 8eb107ad14350139ae07b2416903b691ba34886a28977a9892462fe569b16400340cbe732be8c9fc6e565aafc496ccbf518c6df2b7ab790bd4bffa78203f5848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9a3a875f899f1da5192bc77fc9427aab
SHA1 ca8f111dfaf9f9af0703c172ae136f8b796e04bc
SHA256 0dc5405dcebc5b553262c56cca0f1fc165d8d8f58eb61dbd95ae08fd6a71ef26
SHA512 c22f712de8daa75eb7cd0a8a4e898b3a11fc2d031fde03392190f94f517fc76bb67f058d6677c0dd6ef572a2c7fc8bc62ff45abfb8f5fd563cef97d91064b56a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 68eb08e9d7c4abb6759633d976e51ff0
SHA1 6de2cb95f2caaef7bd6965d611dbe41ae450789b
SHA256 fe3bc68063a3403756d63962708f647b2467fde784b5147dadd4d89e908115dc
SHA512 416f3b2197493eac313e70a07ef626a12ac7b3e3e9e062cb96f1b95696dcd753e52caa527548d8658923fd7d4edd70ddbba0fccfa0754842a86076532f2f20c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7cec968bb95e7434cb6d15f3305fa48
SHA1 b330375a37d1934c11cdb3fad39aac073d0d23bb
SHA256 c67e4994ee08f0caaf5904732c929d23b1cece0b98a213d46f38ccfcf26cefb7
SHA512 d6c7e281d37bb6b04b3cc249276ec36f848cfb2be65214ae991a2e31b27d0366fcdb2e9263a782dc1184d942309bd240dfcf54d5a4448737c48256e6a8d667a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7cec968bb95e7434cb6d15f3305fa48
SHA1 b330375a37d1934c11cdb3fad39aac073d0d23bb
SHA256 c67e4994ee08f0caaf5904732c929d23b1cece0b98a213d46f38ccfcf26cefb7
SHA512 d6c7e281d37bb6b04b3cc249276ec36f848cfb2be65214ae991a2e31b27d0366fcdb2e9263a782dc1184d942309bd240dfcf54d5a4448737c48256e6a8d667a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 76b3ad7a9447cfc39a4152b73c37b18a
SHA1 a5a09823c26f116cc0bcaf044ec7a31989c6e359
SHA256 204c34960b0cf5a03fa239d841ba670ebb5b7126599f5e7cb36a0af18d3abffb
SHA512 757a4b46ccedaad170ba898fd31965c17d942aef24813f3ff4eb95a09e854e80ab54fc224571871cf8bb7f6ddb8a43a1c43140b4922f9be677e9d148216e7b28

memory/2412-392-0x0000000007B20000-0x0000000007B30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fb179de3-a06b-4def-92b0-afcf126617e0.tmp

MD5 838d31e084c6785438801e1e2f9cc5a5
SHA1 1f857fc5ebe75e25c910626e784c61901daacdf2
SHA256 d34a6d6ef6ebeafefe9db3903cbad32e09c395b3205e775791e319579b2d1c5d
SHA512 dbf67106726e6b977923034db3a58bbd5f43700e3bfc8c5510f08b455ba09b212f0bc5d084fe6abd272931dcfc87a2ae6a4d80e1f770687c40de4c2f3b181e17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 387346014bf994a6d51f73ebd2def52e
SHA1 0d4b067a8ad08c1540099987da25949f13e23654
SHA256 c87ff015a81e9ce404c972c1c86df24c77aa52deb6874740c8e500ef2b19e215
SHA512 90ab051924fb6eb8b708126258bd5d32d72e97c929156735b071bd7bd3ca0c599f0b37d6ae4366908bfdcb0920855143e15c0f84b2c0ae83fa9718c9ee9ff05c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4fff63c9c37ccacb0f6411abaa5965a0
SHA1 3e94d9d884a61bb56c05757bec5f0d8af5bbc75a
SHA256 a8b0227422cb1c676b234177bb2f4762f1c4ee808af956e346171f97e826c0da
SHA512 3f027fbd795120b57eb0e769d537564646df9666c357ce05a3012c965db3ef752cf9a01f1b56fa1ea5c9d6801a7ec77ec75bf3c180af65aa4dfd80bc68014a97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31eb501d9db2ca81f383bec34dd69b28
SHA1 e0a233b0f7b11e8e14069496350979369d4cf37b
SHA256 05e20decd69f93b280af774dea3aec2442bd740c27792b2f31c9e0fd40da7ac4
SHA512 245f0431a34ad9d50610bbfef06f4bf4150f8eb917d44fbdcb375f3dacc14f3e637558e46c5072d2d49cb9f2edc2ebb6300346953b2d3408610080f17c4934f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4424cc34af73f7c8719e6ebc1f8c680c
SHA1 17a0f38518f494f38dfdc474d637c4b80bfdb5f2
SHA256 2d4dc3b947a0e6c7da88489d1788c260a20aadf850883ed8b59c9be20e11bc1a
SHA512 cc7d19c9d551da96a3bebdce16a084f744713507160ecb43019615abb59afe700430d913ffc2cdca7b330f4cd279fe8fd0f63942f4e06aecb3a1f871773f12a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cc46ba516fb01cdc967b22a06e036cfb
SHA1 eb43ee57a18b16ad37cb9710b30f6ca3078ae7ae
SHA256 d6fd58b153b2bebb56fab9146d6577892c8844b2f3ceb1bb91ddedb581105dd7
SHA512 bd89e3a2eee6c6bcacf3c7ea5970d14a91a2f16138a219bd46bf40c70b9f358e51e8c2405ea7c1218448734f881d118a0b2ca2d7318ae2c67227c31b90dfa77c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b9064b20001c2b3b6f9cc0417fb01bdb
SHA1 858bed8206c970c100ade8b150dca1a44f78908d
SHA256 93e9982544b80fd665276241fac1ca02d8128d6282ecd3577dde5d77394a662a
SHA512 d62ec8ed5176d35db8c0635f21e3d8157d94f40c3de1ba5be2efdf5e8250c51513afd00a7fe2fea28a62280ef064e69e086c69a486ec0d89e520e8ae6d269e0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 918ecd7940dcab6b9f4b8bdd4d3772b2
SHA1 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4
SHA256 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175
SHA512 c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f9578e565fe59c3f43f57d25e19539d1
SHA1 cf78d41981cc85061251d829970741e8ddb86af5
SHA256 b891b41c071dfc2b8b6afd868e76f92e285a992943f1709696317d58f6923664
SHA512 51fcd0a2157c6a5d408d8a59c2c295cb0ea5296ff4de9fa6d2abfc23fb77250b609b9e2815cf9e00b4b159cb8cc91b27fb55687177519310c57b18ff6449e79c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 925d63f88608621cca8dd7ee1cedb1e9
SHA1 1fbad14c9f38fb5fd852dd9e96220bfdccf1bb47
SHA256 8b85084559cda83478c083ee3d814ca7815968a979da968228f6f123606e1923
SHA512 bc764f40582eeb14ad192d1227b45197de7a13c8ec20bd077e1905fa0cccfafe6e4ca75564b329c9b6628c7fffd1eb0c9796eef10874b3bb8ce64c6df41b4575

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f1cd.TMP

MD5 8face6d9e1e4e06bfc21ca794415b746
SHA1 5592bd745e1787e6cd4e7f46b6bd28b180b5c919
SHA256 6c01ca8b84b68ea153489a5248e200285670510c5350c69d46bfa826fc1503f2
SHA512 0850fa3fd104fe8864f9a055fbd2a8c24ae386049a7d99b0297b6e5af7245fb02c9c9bf68c178d7557144b15edd69b7ba103fcf70eb296e2923721890d6ca19e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\875ee2b6-018f-4551-87db-825686c55b23\index-dir\the-real-index~RFe58f1dd.TMP

MD5 9a7328198f77be5377c6b8733e23efac
SHA1 da6347146904c23e60c027bfaa38596d38ebcaf8
SHA256 350df52399a3511404c9a1d21ddd24b0c7c53bebbec44b235697a8459786d980
SHA512 3386c1a35b868695642a3150e070cf4d1464800436f725a6f2ed0fca04e8bea5a644eb1dda41ee7f2673ce13c230d097cc5ce2b67b738adc25d1cac307eb07ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\875ee2b6-018f-4551-87db-825686c55b23\index-dir\the-real-index

MD5 192a34a0214d61609f5b33de4bcb48d1
SHA1 f2ae809edc0782ecf13f2ff04abea4c0a70449ee
SHA256 ac04dc1804b83b139f0d3f975f727ab175ea69e8b0d2990c5b97c75e65cd32cc
SHA512 fce34ad0b784e735b74055bc8c8e9210793ab22f1033c22fd9bc47a0fb304b59ba5159d8359ecd31da57a2dedfe77d600dba8f9886fb386e36b766537dac3b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d39acf19c8ca2edb0ba993ef58272ec0
SHA1 18152f2d33de9e3926710109c0732e0273e1e943
SHA256 18d6874419cf2eb6070c59d64beae7ac7d630d025439176c8c8dc3d94731cd2d
SHA512 e347eb293055e61b46c7c21af467adbb7b2de3490f075a406e7d6b57cbb4e8c1cefc18419d7a4e6cee73729ff49776c8b352a0a362dae3323f031051944f75df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5967e8.TMP

MD5 508584cb350f1bd686cb1a7e1868c4d8
SHA1 680f0938b51e367fa39ae697aa7ace8b966dd4de
SHA256 bb6e9d76b58bf0847f115a9a721f5fd8ef9922eb92075e915bb7ea5f46a65092
SHA512 726f71f9db0757c50183556093511cceeb581fd717b33256acffc26ccfcfdbfdcc993cc344427f66f55ee09bddc441ec10dd62108962d5f2c6467a8c1c77454a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b59e45c23ca528db2a5372f1097abaff
SHA1 f7bd140698a126f56df5378357bc96b6c64a30f7
SHA256 b1e57a49fe954e98cea0ed89765cf55b6b98f9fd14eb4bbef46f98d7c078bbfd
SHA512 8ce0fea4ec35394b30de1a1668ceb656bbe8f01b892c7cc6abc431468b1862dfb6db9600fe7acef7c2aecaaf83b936e1dfa3d27ac49c57d6e78366bf485c4a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee0ebf37936d219b6ba651046ed582e6
SHA1 f2b9b71f5af015089a3f4f4be7b82aae00b4a312
SHA256 54c77f1af289e86e9c59bd889c8e97d6a876553d3d2ba21c1a97e9998fe8308a
SHA512 f716b8faa782681c6da74edd482529ee06324ffffc6e594f0337b2dc30e67329ac33a091e6f2f35a22e0cc3e2b8595877d40a5510bd9452998c9c071564181b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f3f0ad055faf76f7922ff04f59b29794
SHA1 8f4261ae8acf4628e60ef437ce1139eee259afb0
SHA256 6592a955f0659558a0e88fb52934e5d78a1650d56c3a326f61135d92fc7e2173
SHA512 fd852554aa9fb8828cd73b15a4229f61b378668ebe1472986218814e613e6a79052d3066a9eab08fa42ad84819a4dc62315d144b9c76d2209f3888acf512a29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e99c96773539dcb22e9877e40503921c
SHA1 25f0c9ccb3481ee57c2664e8cbeb372563bea50b
SHA256 61a7250cb254e2cfb5d6e3e37daa0d59a392d8f5ec1f1bf00715bcc0b6f3182b
SHA512 aa6eba7057e7f42d471d383ba919350c23e5ed9c8e8276999f74a6c043f4757cde20e9f351b8367be54934066e173a3d74fbdd3be3b564a248067ff46c854088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b78113902d2d6bfe0fda528d7ec524a4
SHA1 6a9660a4a79b72f8af99e5a2a5e367b983b73d21
SHA256 7285995a880f69f97ec31fea8a78bace5d3496d04c8fe347f7b6334b2bc0f7ca
SHA512 bc9d3d027774463e5dd5ce54082e7ee631258b599c36358b2c62cec799669042460f8658b7e7d46880598d73cefeeb8264c7d17e9385cf361c39101fabfc4674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 759fe569373cd1651d0c1522e1ddc30a
SHA1 184021151b40d04fcbe8f0e688b1539e21d94e11
SHA256 7aeff958981c1502f3911654eaa6fb4ceedbdd4b654e5a423af57a2c6d4be503
SHA512 4f80efe49d76bd8693455f9b018f2047311cd623583c000fbd371ae37a4db86b10c260d2bc7919096cf21c6ccd99097341b2c855f68b188e8fe73561d67315aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1313fc39-0bc9-4043-a545-4efffa93d7c2\index-dir\the-real-index~RFe59cc8d.TMP

MD5 174f8fc809199061482b75400130dfe9
SHA1 d63c98d81e0abda8e30bc62938b00678c946c58a
SHA256 7a0433662ea777f6bbbe8e2c5189c973c27b7f8fcd823bac9c2dcba37a9f3888
SHA512 cd79dc7bed97b7d708f232696211ce8a3b7511e163fc2dfea283d2adcb252d026df1f0591f2e17d94ed54510988c7fce3715db6d80fd21d814abada032eaefac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1313fc39-0bc9-4043-a545-4efffa93d7c2\index-dir\the-real-index

MD5 a451f6eeb2cdc6dc422a55f740341a83
SHA1 e314ad3362f89e96a5b613cb5be8b1217f09a5a9
SHA256 3745542c97866158295f6c96f6189122bd53f4b0389bc76be8dbe48fd26954da
SHA512 5eea1abe5575b080c5901b1a69196a7bcd6fe8ed8ad91b4c7c3b8902a77314af9cf56fb83325d40f8821fb677308b6364c45d8f12ea35bf39f913c9545743468

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44491e231c121bc58a1846b3d4718f8f
SHA1 4b019eac2f3e76a410ecedef86536a3186114777
SHA256 9faa87a62504d877a47fa4240f66d30f8629d4c0d53c40559c169f2fcb1ec302
SHA512 f64878b7e29706a51719f5fffd0343ef5e8546189c03695e5ef4b2b8afcd63e71f99a9bd8d1e066c5f4c68184a3889f964c675ea7a5141d6cc07714891700b3a