Malware Analysis Report

2025-01-02 05:31

Sample ID 231111-lbq5zadg69
Target a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19
SHA256 a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19

Threat Level: Known bad

The file a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

RedLine payload

Mystic

Detect Mystic stealer payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:21

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:21

Reported

2023-11-11 09:24

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4744 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe
PID 4044 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe
PID 2812 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe
PID 1124 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1548 wrote to memory of 2236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 3992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4872 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 1736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19.exe

"C:\Users\Admin\AppData\Local\Temp\a21d191bade6c3f82393cc194aa0e9e1e3ab691bee05cc1e61a4431a3bbabc19.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0xac,0x16c,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8122975508504960336,5291861320192840337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8122975508504960336,5291861320192840337,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,14049827127713598847,14385377972019715948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12110628950437313869,11439648382962091006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14049827127713598847,14385377972019715948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12110628950437313869,11439648382962091006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x148,0x170,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,6034189916242761046,7549931479902146964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17780551477793687529,10189087799905266762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,3520033049444440457,1548342403483508260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Gi6Sq1.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Gi6Sq1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffda97f46f8,0x7ffda97f4708,0x7ffda97f4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7804 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gh63wp.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5gh63wp.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7748 -ip 7748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Wy866.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Wy866.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13416684799705880821,4959015169767731736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NY9ch34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PU9Fz74.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3el579xg.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_2836_HWITXUQBPEKTXFYU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1548_OMFVMGLWQYDFIEHH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4872_VAYRXSXNIZWAPWHT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2664_DGWOWNCNVNUOXILO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3dc2ef19fb07a7e6d76ab0ed58733f6a
SHA1 1d6c8bb4b6cd27f5fa8ecb801fec05f9f799dec8
SHA256 e4a25bcda934f714b4b7e24e4c6e4bcdb8ac224510cf27d8b48a2ac65dcafa54
SHA512 d770e8a9fc4bf2f31ff1d91b9e3a729d781556f031480e79fbfcca83cc648582304e738fde9142077592cf01a5ae46b61b135aa14a779d2ef6e2c3fe69d27203

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5901d5ecdf016b07cbc7d1680b97178f
SHA1 1fcca1083a03f7582f7126c52a3aca278fc5a111
SHA256 b8cfd82779e8ad5e3138b1a78bfcf5209a1178840c1fa667ca998b1e3ff0110c
SHA512 389805970480fcb1d13cb28dfa43700526203389518762b20e3c6512b689f1878f73be5ba5ae64396d98b3a3e99c9e8a84dfd238e4f9f03f9e3a432a59409cac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c0b8235a11b8e6351371b17b5dd83c43
SHA1 0f4376a885c46eaf368dcb12212669b4ba1d4afb
SHA256 ff7c2290784763f0598275b3dd67d49cc21dc1a8308aa8a9e9b9fe193e7973a5
SHA512 9b2c7e650773bc48d69635ec7e9e0f2b2bbc3f6e75a780455e0531077ff4bd3f31074437c903cc3511e4a192e4117e78a7212d7f072600d35ae54302d66ce1f7

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Gi6Sq1.exe

MD5 45b2b7c6abfba4751b7861e886fa1f59
SHA1 fb5186a14029b594fe09bd0d2f50aa90641529c9
SHA256 7af1456fc7f243481647ec6411dd4361902534d8a8d91fb8185d33fc8770d8d6
SHA512 cc29f3b087d3e6ed0dfec1bb18fda1c8ed2bf23a689f758b846b2c7025e8b345a950d6bcd0b2f330f40a39d6926f6f2bc9f2951c51b17bbf30f59198048c0913

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b1804233a0f0e1f1030d416268cc8d6
SHA1 f529381376e38f717c3e757c394232d051f1f382
SHA256 24027b58056d539a659c35c1620ce49007e19f998669d2e5d8b756181a9f87d0
SHA512 36cf5385c841e52cea8cad79522d05bf3e71443353128d4dff5e0142b5f9f7dcaa29bc5c1f3cdedeac00f883d15d4d966eaf76c40ddfb2d89a5ced2b454a5996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85febad464da206baf3aa11776fbd440
SHA1 c0a46cd5f819d0d2d7e23b2d4e7881dd803b378b
SHA256 d29754d7fa2b3f82e1d7e3a146214da6e194b5431d6dd9927e9f70d31ba3c0c6
SHA512 9fe84438b01dcd2a806dfbe832658618466558de81bee8af6b108ea5e8ee190034f21c8270535c9da74be97d4c2414dfa271d98ac2678c1b44140bc5ae503148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 11ccd85656276cde6e786e6556b8c7ef
SHA1 102cafb4a529548b2e1970a916d0aab883fe0a7a
SHA256 c82ac277c2ff2afc8f1a760d7c8ad8b680e6270f37727676138f530319068a91
SHA512 6ba247784da8bc88cf4de5a6066433b979a83b3b8759ae1e3f56f84dcb7932b3cb54e9e43d4f71a97c7219a293a02480248731ae9131efaa720a88f2084089a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bdfec07f-4d15-4f6d-99e5-82d332a8ab80.tmp

MD5 8b1804233a0f0e1f1030d416268cc8d6
SHA1 f529381376e38f717c3e757c394232d051f1f382
SHA256 24027b58056d539a659c35c1620ce49007e19f998669d2e5d8b756181a9f87d0
SHA512 36cf5385c841e52cea8cad79522d05bf3e71443353128d4dff5e0142b5f9f7dcaa29bc5c1f3cdedeac00f883d15d4d966eaf76c40ddfb2d89a5ced2b454a5996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1344837ecc32083a27224aebe29a3822
SHA1 39c51d498bde42b0718b87be8ace159d7212135d
SHA256 dce616a6bcc54629dfb036d39f605c50b69b240a56670e66a23566c3dbd333e1
SHA512 0a4029c553ea2d06ace75b60372992d99f2d04fc56bb52636f05cc14339e783916df1963136dd8f0a92a5630f4751cc89ca142bdecb4011e58470ff57b5f64a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f754a969527b5f74bfb4750108cca184
SHA1 60accdc630c83dc63004bb97b95f823aec84e4d4
SHA256 0e7e3d997882295ac668c2783353b87381a1025e54c7dd89e5962fb11e6899c1
SHA512 1b86554efb1797a01c392f501234623f86e9ed0d0ddef8696791633c1b98e9bae59ba82941d20aa720ebf4c8e42d4221d6740c26285438e8e7adc1a53c7909c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7748-287-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7748-288-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7748-290-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7748-292-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b77c4db6d206052cc01892556b54b4e8
SHA1 dc3d5532d88abf4f33630ed508355c0f71a2f60e
SHA256 5a677ef6790e61b558bb54451633ea5c263ae7d349b041175f15d99c28b6a6e2
SHA512 d5b4acfb1f6352007934354ab7d63fa5e114171570f772a9c72185bd426f4ac1569d9467533aeccc4d1f62e75873cee8a7ee9a627b9beb22091b1c7956ca4f29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7812-347-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7812-351-0x0000000074300000-0x0000000074AB0000-memory.dmp

memory/7812-352-0x0000000007EB0000-0x0000000008454000-memory.dmp

memory/7812-353-0x00000000079A0000-0x0000000007A32000-memory.dmp

memory/7812-354-0x0000000007B20000-0x0000000007B30000-memory.dmp

memory/7812-355-0x0000000007A40000-0x0000000007A4A000-memory.dmp

memory/7812-360-0x0000000008A80000-0x0000000009098000-memory.dmp

memory/7812-363-0x0000000008460000-0x000000000856A000-memory.dmp

memory/7812-373-0x0000000007C20000-0x0000000007C32000-memory.dmp

memory/7812-374-0x0000000007CA0000-0x0000000007CDC000-memory.dmp

memory/7812-375-0x0000000007C40000-0x0000000007C8C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d8158b8d17f1ebcd7ad8a7b5e7a052a
SHA1 c6de44f7607a81c1a4d1b8ad0cb31b5e7ea1624a
SHA256 ac5e7dd4f7ab263f2fddd0607721f35cd520d61a446e44a0e4392f4e359b6990
SHA512 6c8f9f8f3499e314c39fd48415b27c3de6ad2ca98cccf7ce4d9ae0a246c7ccd5da4bf59bfd8d4422814fcb1eb8088b48e03456bf4451e127089ad924ef5f2207

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5851d4.TMP

MD5 1219a09a9d662a3ef3e7463524050f2c
SHA1 c2a28bda76b59327c292de1a2c4d65ebb9a8977c
SHA256 5cb9776cffa82d9f05600fece4dd76d5d2ceba15188eafbd06024f01821dccca
SHA512 f91be273e3cdcb5a7fcdb581398f407f9ce2ff1a05ea437d66fd828864ba1b15e62cc48ddaf17e617a56444abd1c3ca945a5a8c2954bc458c77af86831afa2d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/5668-573-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5668-574-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5668-575-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5668-581-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3b2b3c669cc49c8037e98b53eeb9d415
SHA1 604a9a0c343784e375e34b7ba09334809c035918
SHA256 203e63d8ea13e34be04a3d45472e941c5f31c9faa4c535428c4b47f63763fc4f
SHA512 a4636302e8ea2f1386861bbf85166c6da9761df97a4c1e70b521843ccdcbd7da5f81b96f799ba59cd983bd88c0157bea8e243fba6af46bcd4459e5e1cda28511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe586dc8.TMP

MD5 4d903834c1e20f1f3df0c2505d1ae11f
SHA1 dd49a3dca6d574679c10906d1a74203a4d0b9362
SHA256 b171f22e2b0b82dbc6a92ac01f99dd5a51decc1d50ffbc007ae4ae5f0ac20a09
SHA512 f149af34db40132c152bd5b7f61c76b09657e23eb75c6aff3a0dc4f68b31fa02c68f007a0c6de4af4e41ed8858bb9f55c410c04cd8613acfa4a0d5b34b8d3e2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a678d5c6de9cda2902c2f00dd49b7a44
SHA1 bd386621a9ad2cbce0bf277168dc2f869d0bf9d7
SHA256 ce46a4e690356aa049531b2d8e9c1c5bc340332da58eca39a6c9d8e0d97cefb0
SHA512 adeced28695deb024dda0d727921c0569561e55c30db1026d5d8cc20a349b790cc9000b5c29d053a856a1bacbd6f271a455b1ba9320024b80bc40ec04ec217cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 05adc0615ed326d7cb9c793b737af34b
SHA1 44b0920a1395d47e656a6a64ef45adb386f1db72
SHA256 9a22f712159f10f9cd5422f29286a96b214b31e74cd4aa983b8538a461389258
SHA512 b690b3f7baa87546c0d8ef91805775e1a040fede7fccfb6afa3dab0ba988ef1175b396c7baa08658fb5cd6c75597f551d09a33c5d9cb8647d0f7486709111e01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 8df8a4119c3982766daedbc7e4458f52
SHA1 0a7bcf317687249eacab7f9fb475d3d133caa5c6
SHA256 f5169c37db305a4dbbec713cca0e65f6bd0cc93f92b7111f6703b955c1074ce8
SHA512 bdf46c5d8289329e3b1868b9e0b4ca54fe6f15d10a40fee6599a780ccd541ce494d53f79c9d6c6e494805bdc92ed133b7c748144118d13783653a729ff5170d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2605d795-786a-4a40-bed7-90f189d09300\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30c040e015a2758f9e786fc937461619
SHA1 dbe56cce56fd16060a1f39cdca1e7912b8833e8b
SHA256 2ac59dced62bb897508ee89fa88cd7b824dae74d0735a2d7e20f30b29bd5bd68
SHA512 b844bea69ec41c678e4087a9af6818351ecb62207c7446cfcb2a5578e3ba1fc8654da6c8a67638ae90ef0a598748137dda82ad10425dd51ad340634951f51d64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3df877ec22861d6d3d84aef9d5086b24
SHA1 c63d97086209b6274623f05f5c015db50ee322f2
SHA256 be217b7fd897d51654d9a312f7c2be8fc6683213b8404ad79bb0fc64cdd3b5f2
SHA512 c2115e8f2bef0f81aeef866e86cc8a66cc1fe966175077a243d82f3889aaf771f5c256231752617a74dc8af3bafbe20dba2f050dc55c9bef34fb2140ef8c1d5c

memory/7812-964-0x0000000074300000-0x0000000074AB0000-memory.dmp

memory/7812-1021-0x0000000007B20000-0x0000000007B30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 841e4fee416a95cf84c02a2433d20c5b
SHA1 14ff10f580a05acacda5a6b2329e84a2c62e5382
SHA256 c80b3fbf7838fd6853008229c56d60eaca1c5953411139809c18086579c465d6
SHA512 a1df66bc4071d04e9f960e5465caca51e55e6c971bf8f90ae97b82ca763b87d68cae43cd9ea71ab0300835b09ce317e5c36bc05126fdb447b99745e04bf32aca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e13ef7e2235a1e596ceeb0f76d368ff
SHA1 64857541651b1dcb682baddd0a1e7c94ffe4143c
SHA256 44947faa3480d263faed1a9ecc6bdf8294458ecdb76ef06eda469e6a7197c512
SHA512 65b9fe88e9d040653036cb54c3dda9a74bb0b3f1de8a128a4aebaf66cf41520ef9dd24483c9f7ba77014ae9e68c909db7d3fdec777b67b53077c1b887b09ce9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\14fe0722-b0f5-4960-b5c4-dc399be33626\index-dir\the-real-index~RFe58beb7.TMP

MD5 10432f45f57308b6c553db81c3b99f60
SHA1 c7fac734577ef1748ab617928acd2cdec7b6cb85
SHA256 c9a39171c9840e44bd24faeaaef8c4cec705d308b53dcee8cf5fe345e1ca0c82
SHA512 22faa98fd2dcbb9952e3ca34d0230669deafe3003ad82159a5b4b9f715ef8f2df73775efa21e9ac78992e8039d196ab7ce0497bf27f98682ac85320a30b17e3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\14fe0722-b0f5-4960-b5c4-dc399be33626\index-dir\the-real-index

MD5 b8f1f6aaf1184c46ad1891f409175b52
SHA1 5b1fb97d2fa06ad432e217f72a95defb333729e7
SHA256 919a30280d69903a409810a6c96760fa9fa3d63f340122bd4d910078a4b6aa1c
SHA512 a1aa6e7f8bbb9608362899418c639f87cc1659e78a4b2c0b0f85c883e323e26cc324fc7a2f41a24f7cf9d600df00fe99693ba660e332ef91e70fb4bcf19ee0b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80202a368ffc6cd968b560a693baaf45
SHA1 cffacbed8531aad7b3fcb7c6662685d07b14f3fe
SHA256 c689092956834453442c42649f4cdf5bbee077f9c82e44c4681f451f38274801
SHA512 17a1de7126aa38bb063a19f783a9020c56ad5bab2553d3cecd02223369013d90299b73a76afeff4e9024b2238ab501513a5b51b92e410a4227341cda71d36996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9060815819d2bf6a9574daceef350c09
SHA1 f34b8b1b9b83b6373fdda7be7ba326d307729b7e
SHA256 9137992c08097fe0c57d78d14c7b526eef1b92be0687cc0056720317a6a312ec
SHA512 af6f8ef8d7d1989a50f66decdf571dc987ce5584e00a073ecd102eac350f3e927db1f66767f99a5f56285a549a3a2a9018d76bf369242c324b3c5c76b890b11d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6f836fbfd33a219b54c5be9af7b06276
SHA1 ec2754a921b44464cb004159f6ce96e88f75d366
SHA256 543bd8779bca65e932df752848b28e541a1cf7e5d6ffbd6df80333fc6fb96b69
SHA512 f478e0d3ce0fc4804379d2da8baf8b21ff505372d9e3fc27913aa396401d0fb3f82ef3d831d7c3b5078a585c87096c9b959188e8fa99775351fdac7b51ccfc05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d973.TMP

MD5 584e344f3dc06166595861d7cdeb386b
SHA1 7d009040279d465fbeaec19917f52c90c2a3f4f7
SHA256 fa9561c97fcc14a7f9006aaaf179e3b36dd651f9f3577dbc961ddb38914d9b74
SHA512 4969df32ec53db0a40bd48248f803509f356dce0074393feb1aff7cf757089dea81e14c4c6319dede1a701291c2be8597265366541306b6f6d00ceb67259835e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b27526d9ff7f1f5324889d83b3adbb5
SHA1 29d29c37e0b7c81fc9603e64bac329747f3c212f
SHA256 a6291111edd35104f52e90f77f1d9f17675fb2f1b41b6d7d33c80e19db3ebffc
SHA512 f54fd32f3dcf4912899b3795868b558ae4141f4be316e8f5d5de01a2ac1a81ed6745b698635763fe33783d8baac64e1adc9195f5a101c13f1dbd5d01243728b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d54dc263-226c-40ef-ba0b-2475f724d046\index-dir\the-real-index~RFe58e663.TMP

MD5 9dd51b4b5fbebc45250fc7b0c4023934
SHA1 18df14d1c9b3d63dbd0058bedeb8fae878e0269b
SHA256 c679776b20f5156fccb9c20e4263f260657502d597e0ba2ee9137cfeee93afe7
SHA512 40c1ca34d9f329006cdf347aeaaab3f4a61bde771933c28b8aa0697f15247afc95f46280b19c89f8a44953b15dda7401d697751a471b2f6f1fb5d1647fd9b636

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d54dc263-226c-40ef-ba0b-2475f724d046\index-dir\the-real-index

MD5 97f7344c06929cb4e787c2df016a1d66
SHA1 097c5f1bea1674a565b70feaba3e90eee3a9921d
SHA256 c4e53940f9bf19d8a6af6c3af4467ba59cf5863cd6da5d6d18afb771015049e3
SHA512 e0a6f086e4b4b678853cff293b53cd5c36e8260521bb3e0bfbeb76d5563b68e803a0e54124986ec8a0f8aa6317abd614624b0d62268b87b5992d1494883edcbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 206cac28a9799861dd13b56de14ae10d
SHA1 7a893ec36c38803b2706c21bbd6fd99b2f608bb6
SHA256 2c5b7c9a5333b27c586c46ec13cddc95b00ff7a7b49898e6700a38604227c8bc
SHA512 31d9e4b069a275ac4d41ea809f06a797132b185700155914c22d8438a2a8040ccd6b3a050e1b5bb4786ae4aca608423207fcc0b5ec42cce591f6a3ecc7bb2982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 13fef8d33d2051f3ad75eab50ff31bbc
SHA1 ba4ea27d62b10bcf485318bb275f4f969b8b9493
SHA256 bf8cf074317600bc245593399c606128864ba59c946c66d5369f9e084852041f
SHA512 aaa3c00548d3255319493a15cbff83f8e3105fe85b6260f951a919c1bebcacdde4324c1b2419c93e7a45409efd8989da45aa1ab3ceda8b822ad5b207a1d1a319

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\914a4393-b24f-4bf2-95ab-881ff33bf3ae\index-dir\the-real-index~RFe59300f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\914a4393-b24f-4bf2-95ab-881ff33bf3ae\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
