Malware Analysis Report

2024-12-08 01:03

Sample ID 231111-ld6y7scg8t
Target 710419d0e6c14d032f33709e9178dd67.exe
SHA256 012f273e7823dd960ded3b000bbf19481f738cb7f92b1e602fca49038c7f17aa
Tags mystic redline taiga paypal infostealer persistence phishing spyware stealer
Score 10/10

Analysis Overview

Score 10/10

SHA256 012f273e7823dd960ded3b000bbf19481f738cb7f92b1e602fca49038c7f17aa

Threat Level: Known bad

The file 710419d0e6c14d032f33709e9178dd67.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

Detect Mystic stealer payload

Mystic

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Analysis: static1

Detonation Overview

Reported 2023-11-11 09:26

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2023-11-11 09:26
Reported 2023-11-11 09:28
Platform win10v2004-20231023-en
Max time kernel 148s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\710419d0e6c14d032f33709e9178dd67.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\710419d0e6c14d032f33709e9178dd67.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2308 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\710419d0e6c14d032f33709e9178dd67.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe
PID 4308 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe
PID 1016 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe
PID 568 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1964 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1596 wrote to memory of 1124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 716 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 716 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4432 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 904 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1964 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\710419d0e6c14d032f33709e9178dd67.exe

"C:\Users\Admin\AppData\Local\Temp\710419d0e6c14d032f33709e9178dd67.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff8e96446f8,0x7ff8e9644708,0x7ff8e9644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8e96446f8,0x7ff8e9644708,0x7ff8e9644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,8431809799742964975,10977071507620645566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,8431809799742964975,10977071507620645566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,6877196715631910116,16820266367297563108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8068615421132989267,7312574040392778460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8068615421132989267,7312574040392778460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ff8e96446f8,0x7ff8e9644708,0x7ff8e9644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,14079754724190178637,17887037128075078080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8e96446f8,0x7ff8e9644708,0x7ff8e9644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6822980226801301402,7567222343613908287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8e96446f8,0x7ff8e9644708,0x7ff8e9644718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Mi1Fy8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Mi1Fy8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Bi73IN.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Bi73IN.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5488 -ip 5488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Kg019.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Kg019.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10134546509192213635,6525998333189693359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gQ6lY95.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ZH5MN77.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3aW962YY.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1596_XSZMLENTNXHIGKLI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1964_MFZSRSNHXRULORZF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 572e0c31e06dbb46725d6d7e055c84c2
SHA1 3b423612d83cc146a92214312004ec22158255b3
SHA256 63538ba38a33a06d4c5576b2654e2f2c213a06ee7d694d5070b1660bb470478a
SHA512 f3ab26a790f911eb736b713bf5a9d209fb7b800fafd6dda7abfa8880ddbeda3dcc59e8cb0feb3b3da5242043ef93f866928b86a28d422b7c44ad5693bc690c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 096c1ad02d5524c2f36c0a74bb6f57fe
SHA1 153ce1bb73d7e33cd470664c7d5d22ffe552e50a
SHA256 6ce5acdd0e9ac0bcbdf7f2f44093956bb2a885e742d6b0f0f68ae1a4dfa5c6f9
SHA512 a4b246b02118c0a82ebe5d52acabab6ceae6ad6ae144965ffda83e493db9ec64134c66a4c38b89418d00ad1b8de9fbe52005227330def47cb3bce9626823ca5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 096c1ad02d5524c2f36c0a74bb6f57fe
SHA1 153ce1bb73d7e33cd470664c7d5d22ffe552e50a
SHA256 6ce5acdd0e9ac0bcbdf7f2f44093956bb2a885e742d6b0f0f68ae1a4dfa5c6f9
SHA512 a4b246b02118c0a82ebe5d52acabab6ceae6ad6ae144965ffda83e493db9ec64134c66a4c38b89418d00ad1b8de9fbe52005227330def47cb3bce9626823ca5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e2f1b2a2c33868d6d92aec506988b50
SHA1 6da2bf334666fe0918405c8f96785fc255eaf313
SHA256 949bd46d099f294099d035a5cbc98b905651342268d4ce481d31d73541947764
SHA512 81e2ba53363b24447a53456913c4259b05d2f6a17edd304a8d65ede4d7a0c4f779b65cdd171788e39695fe9336951c852cb7b15c12809a1a96183bf8aa77fcf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 572e0c31e06dbb46725d6d7e055c84c2
SHA1 3b423612d83cc146a92214312004ec22158255b3
SHA256 63538ba38a33a06d4c5576b2654e2f2c213a06ee7d694d5070b1660bb470478a
SHA512 f3ab26a790f911eb736b713bf5a9d209fb7b800fafd6dda7abfa8880ddbeda3dcc59e8cb0feb3b3da5242043ef93f866928b86a28d422b7c44ad5693bc690c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4b00a2a6-9c6d-4a84-bae1-c864de3acc81.tmp

MD5 a299c7c34ded1bd76c278258a8768be3
SHA1 da445c41eae98e1da496db2ab58847ca4946864e
SHA256 08b46c54e1859d1bd448e1ea4e34fb077157aa798824605be6948af94b42374d
SHA512 71124a341ee6ac67b253026e68f269f2f13dbc6734b08fb113f93f9a7b56fc42b9e19f9f7c80a625b45fd1e3db5fac8b17d30a287ae830f1efdad2fc39081fdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc6120c64fe4300d837dd84447c7e883
SHA1 9fcae92bde9ddffcdee0aa495b35ed371cdebda6
SHA256 2b89f9f36e427c89f4f0e1607287d9a152902b658041eec9dae27827fc0db293
SHA512 7f4d2b58124f855e6264d76add141b4601a29ff8c84368885fda7464ec286dfbdd098e5338543bf262df42f41760ff9eefa30c27f737ccb8135a9ad7b9079e64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc6120c64fe4300d837dd84447c7e883
SHA1 9fcae92bde9ddffcdee0aa495b35ed371cdebda6
SHA256 2b89f9f36e427c89f4f0e1607287d9a152902b658041eec9dae27827fc0db293
SHA512 7f4d2b58124f855e6264d76add141b4601a29ff8c84368885fda7464ec286dfbdd098e5338543bf262df42f41760ff9eefa30c27f737ccb8135a9ad7b9079e64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b498d2218d032617a3d9e39cf7411d5
SHA1 cc44a406bf91a9065ab4eb77a808dcca493b6ca9
SHA256 a502b650a97fd0e53fe6de6f48fe092178ab5dd96e4c5dc7ff609ee04ad5112c
SHA512 7a8835cfd923b7a451c7e4e51b06ff15eb6830d5c69a51f08b2d2440a4028620eca0dcddf6f16d4f45aff6ceb5844b9b907f5c4caab5a8464c128801dd713a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 096c1ad02d5524c2f36c0a74bb6f57fe
SHA1 153ce1bb73d7e33cd470664c7d5d22ffe552e50a
SHA256 6ce5acdd0e9ac0bcbdf7f2f44093956bb2a885e742d6b0f0f68ae1a4dfa5c6f9
SHA512 a4b246b02118c0a82ebe5d52acabab6ceae6ad6ae144965ffda83e493db9ec64134c66a4c38b89418d00ad1b8de9fbe52005227330def47cb3bce9626823ca5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e2f1b2a2c33868d6d92aec506988b50
SHA1 6da2bf334666fe0918405c8f96785fc255eaf313
SHA256 949bd46d099f294099d035a5cbc98b905651342268d4ce481d31d73541947764
SHA512 81e2ba53363b24447a53456913c4259b05d2f6a17edd304a8d65ede4d7a0c4f779b65cdd171788e39695fe9336951c852cb7b15c12809a1a96183bf8aa77fcf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b498d2218d032617a3d9e39cf7411d5
SHA1 cc44a406bf91a9065ab4eb77a808dcca493b6ca9
SHA256 a502b650a97fd0e53fe6de6f48fe092178ab5dd96e4c5dc7ff609ee04ad5112c
SHA512 7a8835cfd923b7a451c7e4e51b06ff15eb6830d5c69a51f08b2d2440a4028620eca0dcddf6f16d4f45aff6ceb5844b9b907f5c4caab5a8464c128801dd713a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e2f1b2a2c33868d6d92aec506988b50
SHA1 6da2bf334666fe0918405c8f96785fc255eaf313
SHA256 949bd46d099f294099d035a5cbc98b905651342268d4ce481d31d73541947764
SHA512 81e2ba53363b24447a53456913c4259b05d2f6a17edd304a8d65ede4d7a0c4f779b65cdd171788e39695fe9336951c852cb7b15c12809a1a96183bf8aa77fcf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Mi1Fy8.exe

MD5 282465cb811ac438486718a3742468a4
SHA1 a16f9f0c7dc09f503d1dab05c7c330ca262ee6ec
SHA256 7ebfde5acfde866ce50d249768530ed8633999e87bb4b9e6af7398c68abe98f1
SHA512 15e4070de11588757ca7092319e47282349faf4601bdc53b8343c55cce7731f4ce60fb9474b8abb6507c69ddbbd185c21bbc573484edf5b45ae38cab7c72e93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 572e0c31e06dbb46725d6d7e055c84c2
SHA1 3b423612d83cc146a92214312004ec22158255b3
SHA256 63538ba38a33a06d4c5576b2654e2f2c213a06ee7d694d5070b1660bb470478a
SHA512 f3ab26a790f911eb736b713bf5a9d209fb7b800fafd6dda7abfa8880ddbeda3dcc59e8cb0feb3b3da5242043ef93f866928b86a28d422b7c44ad5693bc690c01

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Mi1Fy8.exe

MD5 282465cb811ac438486718a3742468a4
SHA1 a16f9f0c7dc09f503d1dab05c7c330ca262ee6ec
SHA256 7ebfde5acfde866ce50d249768530ed8633999e87bb4b9e6af7398c68abe98f1
SHA512 15e4070de11588757ca7092319e47282349faf4601bdc53b8343c55cce7731f4ce60fb9474b8abb6507c69ddbbd185c21bbc573484edf5b45ae38cab7c72e93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 511430189cdf56584cc308af33e73141
SHA1 365b2bf177993d7597a683eed4bb438074268c4b
SHA256 2c8939d9fd48e9a1e69022fcf25755c298705efc2335ffc81f43772c21b65c49
SHA512 05d4a456c770e82a883ee02abeea4a757c644ad5686922254b5b868f971bf4d6da38593721fbafdec90d56b99fba7d69e03130812e7d277f46259129c89041b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc6120c64fe4300d837dd84447c7e883
SHA1 9fcae92bde9ddffcdee0aa495b35ed371cdebda6
SHA256 2b89f9f36e427c89f4f0e1607287d9a152902b658041eec9dae27827fc0db293
SHA512 7f4d2b58124f855e6264d76add141b4601a29ff8c84368885fda7464ec286dfbdd098e5338543bf262df42f41760ff9eefa30c27f737ccb8135a9ad7b9079e64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5488-263-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5488-264-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5488-265-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5488-267-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Bi73IN.exe

MD5 28d072c3e03f39c936617dc6d94000f5
SHA1 f7a5324903fd8be099f1daf55948b12c841f37d9
SHA256 f409dfdbe841643ab470926ad4b87359418c56ec167867f11d660983e9c1d6d9
SHA512 a2cd83fff3950ec6ad6cb83a8e3d395b771ea3475aa6780b574548789601eac05201670f8b9b27ddcea12a915fca581adbf75a25e9a5eb795cb05482ffb0bf9a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Bi73IN.exe

MD5 28d072c3e03f39c936617dc6d94000f5
SHA1 f7a5324903fd8be099f1daf55948b12c841f37d9
SHA256 f409dfdbe841643ab470926ad4b87359418c56ec167867f11d660983e9c1d6d9
SHA512 a2cd83fff3950ec6ad6cb83a8e3d395b771ea3475aa6780b574548789601eac05201670f8b9b27ddcea12a915fca581adbf75a25e9a5eb795cb05482ffb0bf9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 918b60955465b4e1955cd10f14c39ced
SHA1 84dad0d848744e5ac45e27bf8b274a17e410cb1a
SHA256 8436c80cba79f67dca2187934f18e56e455a4885c6357b0dac2a694251b068ff
SHA512 6137c5a15dcbee3d94e6d9d32bf6cdb83ab249516d708d23ff1df896a54d17bfc5a2ce9083ab3d98a04de4b12055fcdb4d78ec5e1c99ef8cbb3f43a4cdb68d4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0b8abe9b2d273da395ec7c5c0f376f32
SHA1 d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

memory/7604-326-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Kg019.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Kg019.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

memory/7604-339-0x0000000073EA0000-0x0000000074650000-memory.dmp

memory/7604-340-0x0000000007A20000-0x0000000007FC4000-memory.dmp

memory/7604-341-0x0000000007520000-0x00000000075B2000-memory.dmp

memory/7604-343-0x00000000076A0000-0x00000000076B0000-memory.dmp

memory/7604-347-0x00000000075E0000-0x00000000075EA000-memory.dmp

memory/7604-357-0x00000000085F0000-0x0000000008C08000-memory.dmp

memory/7604-358-0x0000000007FD0000-0x00000000080DA000-memory.dmp

memory/7604-359-0x00000000076D0000-0x00000000076E2000-memory.dmp

memory/7604-360-0x0000000007730000-0x000000000776C000-memory.dmp

memory/7604-363-0x0000000007890000-0x00000000078DC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c76b7623f974d7f2fd214e81cc509b67
SHA1 9f225014479487182f9b9ea03f92844adb7e72d6
SHA256 a717d96546a12b193f76e0291e44d0aa8d7563ae85d7e01b8d80385ea380ee5b
SHA512 c6eb08a06d4ed89c172fd9c2b816a197fe46b66450136b9dd4a1839a48f43789f3366b91bebe57772071fa4f7193cf53049f3dd8499250499bb82118c465442d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584409.TMP

MD5 3c9b9af96a3c06579d34916983b8b5be
SHA1 4ed1c5e4e079f30f15fff7d98195fb079f35685c
SHA256 3b958638abef76b9b3b7a6601e4d0dafd289c0d5737582b1bdc585162712b5e1
SHA512 9b9650fba11e2cdd1d61a52253eabe0e5968c5cd63a12a50c0045d8c80116972ac9687a75fceae62ae0c7443d8bc25831b7a8004e5af1f47f41df0b72ab64ec0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b6b68bb7771e4b89741c19d337835289
SHA1 a821efeb2d9849eefaf73bd9d469edc0a66211f8
SHA256 8ed7bc1d3be2cca4dd90be90299a0456512ae11383fd99595a8c0c9e57bb9b00
SHA512 f598ad9a66fccbdc9fc30090feb0d3f3cf8b2e245eb4f24cc0a52203fa93dd1aa6377f4fe812bf5ec3ba7121e0965c04be0d3a125a5c885857c0e3363fc50884

memory/3580-582-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3580-583-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3580-584-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3580-586-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 35573ce097eb2fad661987a8ca71bb73
SHA1 34f1dbc0f566f282941691be763f5ac3d4f30387
SHA256 b9ea09f7de6c1af129b0b8e18e9733c33f90c06625fc19b9814dcbe1d15900b3
SHA512 2ab2237fd9f1437a232836f64b0ab73e4fd968c2807e1de2f0373852765c4690f8ad4d5fa7a865b5023f050428fa34a600fc3b3d57d918571032b12c13e3900d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe586c23.TMP

MD5 5fb73ac81a29e145a31fe3fa526a7d9d
SHA1 a5be244380eb0cd95e4b1dec09d4eafafafcf6e5
SHA256 c9993f5c23f0fe82d241ef484df8d6dc4512716ec54966ca9ef66a462dbee09c
SHA512 abd998d3463bedbf8d53705b134a8c9080dfe21ceacf87c775735f2f4fba8de1677fbfd0a23976845b35c9f2512b12ade1b94edfe4f488173b4d4c609924b7a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e6154bef-f2b6-484d-97d2-50662ac46c4b\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5024cadabcee65a133477f425152bf99
SHA1 9d44e6c387ecab588f119ef749f182e050036fca
SHA256 9b27644769117db427f3ce8ed4ae6a8856ed5d8773040405cecd7f7084b9bb8b
SHA512 928f3681c11b3cf2dcbcb24d2ba5e3424e7a98341bb2f57e7664c575c1a7ea4e317aafb4e554d01b1616b61bf645f8aec8af10dcbd5b96687b8f9b3c1874c6d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5874cd.TMP

MD5 fb3f00710ee1b7021fdbb5f6d318be6c
SHA1 559d6e30858c0f069c3aff9a15c8dc84dccbe03b
SHA256 6ef63d25cf5bfee80dad15d3a74fe40eb04a16c83a33121d41939d76070f6330
SHA512 81f2b93e266b34ce6bb4a5b86c36fbecbb1b5657261ebf70ace222e257982d7cb149c16d2da9321fa14d091fc2fe6a602f5c4d2ad3134d89c15c0484b6f8f415

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1ce063c824d1a513a24d8aa11d1dd2e4
SHA1 68c31881bcf5abf02d43e5aadd186488b5b97f59
SHA256 e5336f07fb2b02c63f768b266f4ec9dbf7450654706023698c374a7dd3dfc955
SHA512 8a70461321c6fa1c1b09f4a4aec5c84ab5eb9345a64942f3f75f0c3d6b40784cfe9e59500034edd18159308481b8ee6e8bde573fbc59bc99c0fd220e4d9453e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b5268cfffb5e075145a26c141321b03
SHA1 0aebad56171014cc49078e379f586b002b9d17c9
SHA256 cb3477c0ed1bde8dbb04bcc1aa33bbb47d8f7ac7db2605cd430500c634cbe782
SHA512 79f9c2f8b485dcf01bf0c10a31570360c495a49cd8ba47c29e7e0549f57307ec59b814feba96afc715151bdda1c99f9919b440fc65393f04f0a17ae837515937

memory/7604-950-0x0000000073EA0000-0x0000000074650000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2b6c061520dc2d7b1a18eb7219cd5f57
SHA1 73963730194acbcf5d21fe1ff2b31564352d370a
SHA256 c3022b8a2afc67e9f1f850e49e7121be35728f15028726f65164a824d3e5eca9
SHA512 d39596e40c202c039f91d7cb6759d02578e9428ee2eb03c34fc74d7236924f3b587be1591319ae2cc79ec4628630f951e689ca18ba4868f806ef8ffbbdbb165a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b5c7176bea5b214a58e50caa09f3147
SHA1 2b60612b499bc3d9577638273f91c795826a917d
SHA256 464d71b235c1a962cdd08aede7f0f7602004a3269ece5ce6664633928ec695b6
SHA512 ceb4452ca26ec8747e251c243d84a7adae4dfb93a92dd0564477683014259ba7144170b8ec2c357734745ba0735c36a26f42fc931a26eeed82ced5a071b9bd80

memory/7604-1064-0x00000000076A0000-0x00000000076B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 263dd0b6ac5a5764eb5714ba8fe07431
SHA1 057eab30cb158f89ac04fba8799ba5b35946821c
SHA256 155156efeb6029c4abe8adfa4f6bbed034296163c36f7bd847b01dbe8bda95f7
SHA512 321b2234e9ca91278bf3793ab2fae62ac9e9434a891bb8e0e29494c64fc9bac665172be216254f70e93bf1e370bfb55766880a0e357a7e78447519cf43e057e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4a1c2496-4664-421d-89f0-fe99ce62923a\index-dir\the-real-index

MD5 f1218bdcd856e810a5eb43a2dc43ba6e
SHA1 357c735d2eebf7ed5e0f2fb1cc4ddab4435c511c
SHA256 d7aa474e5c6fa7185a508b31cfa2af0ab97472f79f1fcceefa6fb8c2adb3f484
SHA512 1862c79900bb348594fd88c89a77c755397d447d2abaa2c719dd231b711e0dfd58382650f3ba83683866f4bf6baf882eec291757c24df307127e6de6e618c9c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4a1c2496-4664-421d-89f0-fe99ce62923a\index-dir\the-real-index~RFe58be88.TMP

MD5 7a2bc1849c2f039c3e68726d0f0d3316
SHA1 6c02129a076462107ac9426d278b59cb554aa26b
SHA256 fb37a6bc1947643319557a74fd15df8159d5a602487f4180418a12690a418c94
SHA512 2ca8fabe8c659235be68e098d7f778e6b829d4c2e4a78aa5dcf82b75ed4932e83dbf28c8f5c329ac4f9520021a06dc8d6d4cae5bd82545e9184cec2017dd9f3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a7f94de32634eabbc7f6c4d239eddb22
SHA1 ce3fd6172a22c84cc81b57acf97ef78889be2f7e
SHA256 27311cddc829baa2ac222bdde809321e03ca9cbcffbdc0e67c38b36fb15897cc
SHA512 df22bd363b3030d233ee447375fbd0e2202d1d986dc502c6f401b27d4a2f1cd57fbf056ded25ded0674bc8bab6aaca3b44537fe73368a7cd7ddb1722d0a06681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dc32.TMP

MD5 e8e3ba466803ce7cfdf5280911168fa9
SHA1 b1f46b860fc8c78f561ca658401912cfb34c792b
SHA256 064eaee15c2bdf1f96c34fcc74f3bd5098324a01c43a887b00d29c4e765af985
SHA512 c18cba94b97263fc3570225ab8c45aec0fedd7fcdad9449345f7516bed5f51a4857b91f5f2ef21b4b269957fa6748be45765701e0f59a1624c71cd0db2ebc77d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 93eb12dbfe6830d7c6f22b6f8faf1532
SHA1 e547b18252572b16ef44fe491dc1c7e8c6d66671
SHA256 b05c0369a123bdcca57a1a4e15ef5ad89a862eec570819647a49e5c9285332d2
SHA512 293a40813dc5261766c7e632815a9f0b3acb95c9e3f536a2de610c1704da227d108e71758b329bae5f7c5c7c356fb7eb47cd4f08c4376ab9d787789aa8ee8d1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 162360a5aec18a28f3ecdc5163acc2d1
SHA1 30a54a2769847b1905e496e2fcdb4e31f7e7cde7
SHA256 b5bcf38cb7ded84cb4b210d90c22d174bdabb7ad7eda8075b49b0b5cbfcffc45
SHA512 e6bc059006fbf75bbde3a1fa30ac966b07983782c98b93b21c00f93daca8cdeff9c05b068019eaf0c76061de3bacfa8252b66db80e7e883107fb9399c64ac59c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d544e34-60aa-437f-aa7d-bb417743d3b8\index-dir\the-real-index~RFe58e838.TMP

MD5 2405fadb4721d03f71ea41764fdb8944
SHA1 4115989df9ce6885f0a56ab41dda4abd4c63514a
SHA256 61d2823682a8065c3bf78ab26b9454da041743bd41de518ae32bfa22dc4056e0
SHA512 2a40d337a8e632b4c772106ba06d414b92313a8b47b62c381c67d29942d8ac88bf914870b592521e9b5920b1e957a57584772bb05dd4aff098490ebeaeb18be6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d544e34-60aa-437f-aa7d-bb417743d3b8\index-dir\the-real-index

MD5 7e8910ae4793be3f9388401a2e3fb918
SHA1 c3e432cf6c25f3aca21d05a0f89bde342cde0c17
SHA256 444cfc3b13f49fa1308c6610d86c2735b880408823db0dbec6e53dfcc0613648
SHA512 eda897e6fb9b1be6cbe7e651618fb9e112f1301074eec96c5162ae84590a41aaf834abc378013e12b6ede53cfccce3d2ba1a91958b298a9ec46286984175a4b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e092146166f9b3a60c8cbb9be9b24ead
SHA1 3db1ff21d4b20db79130541b057d808221ea3e6d
SHA256 6ccfe6dd8e80ec439c8a4e5bf3b73e797b4d0345e2957d21e139ae78cf0fa4c1
SHA512 982bec1c85d899b4a1403a04427e140884912a9631d73b7ac68bd928709d8f9cf3685ea70cb8d6f9faa46079707877d5e3a470192bc5d1f5bf31f36327129f4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca045e1fd34cb07e92d71dc8ee2df8f9
SHA1 75a1689459b307644fd5b6450e85ede48141381e
SHA256 98959d973c2a8bc0f8a13866b39e2789e58a794a39c0e2de06e20391e484d900
SHA512 d50db59087297fcc933d3d1e91398c70515ec469588fc8f753d75f1ad954801127aa6e5ab99ffcb7c11b8814b45382dc907ef1a43290997ffda1c6cf4d563934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e79f3880e6d9e510246d4dde7edde961
SHA1 57275c2a858d9305407f0155efc1b85a08485094
SHA256 9a26563c6f840acf0845a7cc7396973452a55b2396dc4501d8bcf14997a0a6cd
SHA512 ea22af9c84420d4b1c88e66a47340b267dec1c4f4b21a3bc555eafe789f5d2fccb0de4bcaf4c5f43c77f85f51230b522e8b99c7b9632ebccd232a178e0550f23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a3c883da-fd13-42a1-9028-e76dbd3619e5\index-dir\the-real-index~RFe592040.TMP

MD5 3fb9e1c0dd7779e8ac82bc22080e34d0
SHA1 a011e88796e5b4c6691a56bc43883386f7bff7a3
SHA256 8a1e670b1ec3339bac8c4882c82de60ab1b7db5c50460cc9cf46073be16a9826
SHA512 911da281d33a2feffaa0f68204b62b6199bcf55112dd168abcad02d12539860b6e49cfebcf09c22a0c1ecf50c59062c509da08472d8e64f60da3a81d58e9ef34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a3c883da-fd13-42a1-9028-e76dbd3619e5\index-dir\the-real-index

MD5 df80406a978829086a48d7d879dc0825
SHA1 7523a9f7a0c5d6b95c2595f50235f00f299d2502
SHA256 2959b05caa7f10d353d36e2ad2a1138a4d6684515a60927b405229415f11bdb5
SHA512 0c6fbf559da2a257a0839d7626313397f8101ec6d510882e475841a77b9187d9f1528bc20005a680106d1446a57e46e2df2c7457b851bdc2a0e0ebb20b8f406e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 68e86b5d13b003a6f000797e57ec6b31
SHA1 4d61c031d0ab3b1cd9ae2ae895c9a061efca15f1
SHA256 b4a58c551978160668f6588e1c842d3720c41a6456d38f770793dd0214daf261
SHA512 94f2acc93c32bcbd068a6a880858b948f928b7e1734c713eab198d97cdb7434028477749b4c429761d288b66b8938848ed236b104ba9bd597a4b49ac9f08231b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 371e08a48e548d973cbc9fad2251108d
SHA1 5d4f7db511a48a1f1e7cdf0662ffbae293319088
SHA256 fb5920a676e6b6d2dd69176274185c8a7703d892fe934cccf359226d4ee24f7c
SHA512 5ecb8bb44b8e08b4968c33dd40acb4c2a62018d81763380f4114d3d86883446671fd4a75c81aeabf279b559f4a65cb9ce1b5b95be31a3fce488d39c7eb27f640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 21a993b8f4ee754b9862162ff6bc83d1
SHA1 f48045a88ab735366502460425fa3422337acd9e
SHA256 391f14c8628ec53c1a58df2e88e3fa69eee7b49147f7b3f4ad12821112545869
SHA512 eacaa126c5e7784639320cb62a50237a2984ad44fc2dbc637f97d1da241605e06f76419a1120ea4049153cfe5024360000eaf9f4ed1e8ed15e240c8c57b760b3