Malware Analysis Report

2025-01-02 05:02

Sample ID 231111-lpzn9sch3v
Target 8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb
SHA256 8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb

Threat Level: Known bad

The file 8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

Mystic

Detect Mystic stealer payload

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:43

Reported

2023-11-11 09:45

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cu5tt39.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG4Eu01.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4708 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cu5tt39.exe
PID 4168 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cu5tt39.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG4Eu01.exe
PID 2316 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG4Eu01.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe
PID 2116 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3044 wrote to memory of 4160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2500 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2360 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4268 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1992 wrote to memory of 2548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2360 wrote to memory of 5288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2892 wrote to memory of 5156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb.exe

"C:\Users\Admin\AppData\Local\Temp\8f626b7c10b35d18a1d6a002a86aad43acb1eaa0841b840000ee92c077ed64eb.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cu5tt39.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cu5tt39.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG4Eu01.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG4Eu01.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ja745Sx.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4690109103379732501,1995206018297448382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12130910045106847988,17564226803397106299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12130910045106847988,17564226803397106299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12986723332519558456,2125378112106185851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12986723332519558456,2125378112106185851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4690109103379732501,1995206018297448382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,16933667368005986413,4847405447084241282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,16933667368005986413,4847405447084241282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9683d46f8,0x7ff9683d4708,0x7ff9683d4718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fV5jo8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fV5jo8.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3039387902351014025,10783459898774891597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3039387902351014025,10783459898774891597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,4147980331425044837,15022192900285220545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2200626005614212729,14766033792451726534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5oR26Ox.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5oR26Ox.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7300 -ip 7300

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7664 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6NP923.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6NP923.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,17394586540325223701,8179398672338171426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 /prefetch:2

Network


Files

SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2360_VPFRFQERQRTCQYXI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_4480_BAFMNIPRTWAKPCEM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2500_GBVRXRDWKCYXCCLY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2768_TWBZMSEEZHVSSZTY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3044_ODIUJJMPRSFZVOHW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fV5jo8.exe

MD5 d8426db33bc5acd752c917b8bd9aeb87
SHA1 0cc4f0b668b917b8bb57aeb4d32cbd6e6fdbf945
SHA256 1629a6920bef637bad4b6c074ea89c25cacf7e1740ca4426cbfc495a691a0a24
SHA512 d83233ef5ec90b675deeede182983076020a064363592808f30819883804d8f50700f5efcfe85ce43888511753f29de50340329c246ffe747b3a1d12a9bcba10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 390793ab5712109cdee50f943fbab88a
SHA1 86ce19399dbeecf583851c10ec6f4afbf8dcaec4
SHA256 853f80b4b770d0b973cb970738310d629bbfa6bc0a7b6b3e179b2f43a01add8d
SHA512 530bd0a34d8c127a70d23c2cb45cb365c54cf1dc22128dab7aaba731d93ada42a44912eb3c64121fea5232e3285f4c0f6f88c9b9e1a6d15711dd895f670aa91b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f92c513-d585-47f9-a304-84bf19478ba6.tmp

MD5 fad459462211627ab5e41695b2d8fcac
SHA1 ffa03f9c8ff82a581256d8b5dbf6c26bbd7ecc56
SHA256 b75672b683ca56b6e669fb1398a2cf260008fb8632967b1e3d61651585e2ee00
SHA512 b6abd2b61dc85c66eca8e88b92915e1fb46dfe5b162a69718bcebdd99e48c2e0c4e52b987ab57e1ab2bf942bc9b01e47d2c1c57ddafda99e9f896cab4c5d4068

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 390793ab5712109cdee50f943fbab88a
SHA1 86ce19399dbeecf583851c10ec6f4afbf8dcaec4
SHA256 853f80b4b770d0b973cb970738310d629bbfa6bc0a7b6b3e179b2f43a01add8d
SHA512 530bd0a34d8c127a70d23c2cb45cb365c54cf1dc22128dab7aaba731d93ada42a44912eb3c64121fea5232e3285f4c0f6f88c9b9e1a6d15711dd895f670aa91b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7853ea43d05754c714eb3fe7e348c64c
SHA1 9d32b3304723fd3ecbb6874fd181d8cd7b833d60
SHA256 8be10d23af431c62d1c9902350c59766f01a7679012fdb8ad346d98d28665aa8
SHA512 cda32c13730e70d72d2e0173d2afa136c2cdf5ebc611d0968d14d693bb9e8a605d38ba9248234c1c360cca59d7daa7d2f27ff3d590d58eac1bc4914f30c3772b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7853ea43d05754c714eb3fe7e348c64c
SHA1 9d32b3304723fd3ecbb6874fd181d8cd7b833d60
SHA256 8be10d23af431c62d1c9902350c59766f01a7679012fdb8ad346d98d28665aa8
SHA512 cda32c13730e70d72d2e0173d2afa136c2cdf5ebc611d0968d14d693bb9e8a605d38ba9248234c1c360cca59d7daa7d2f27ff3d590d58eac1bc4914f30c3772b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e4393d2716d01a4f4c489cc15e95911
SHA1 ad4e731dd4b9dbba504dd81fde2795504424363e
SHA256 8024a3723927b77b31ade2713db49b1082873efd5b8099e767cd4ce47b57a007
SHA512 c8452cc2645923f2c2b9e84a989cb77c1ebbb30b192fc9d81dc3861bf0738ff149cb426cf7ddcce14674c421cf8391f035c05fc153b9b36937efd1032fd0d21e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fad459462211627ab5e41695b2d8fcac
SHA1 ffa03f9c8ff82a581256d8b5dbf6c26bbd7ecc56
SHA256 b75672b683ca56b6e669fb1398a2cf260008fb8632967b1e3d61651585e2ee00
SHA512 b6abd2b61dc85c66eca8e88b92915e1fb46dfe5b162a69718bcebdd99e48c2e0c4e52b987ab57e1ab2bf942bc9b01e47d2c1c57ddafda99e9f896cab4c5d4068

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d19d0c99-b751-41dc-ae02-2a4900f8517c.tmp

MD5 f899a845e2bd85890a35461efc285cce
SHA1 a3a700fa4c1aae295b8e8700cbe45a4ca69cfcbb
SHA256 77234970e94fa673662343625a45d846b601b9b33667caa45fb2226b2b635e4f
SHA512 e93b1a511e3444e63b0fbc06510f7a7cb6b2fb52cef7dca7e872ed9312e517b10a887fd2489e6a41f3d92e84189d4f60d7b511b0a8ebb806be7514ecaeb95fb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e4393d2716d01a4f4c489cc15e95911
SHA1 ad4e731dd4b9dbba504dd81fde2795504424363e
SHA256 8024a3723927b77b31ade2713db49b1082873efd5b8099e767cd4ce47b57a007
SHA512 c8452cc2645923f2c2b9e84a989cb77c1ebbb30b192fc9d81dc3861bf0738ff149cb426cf7ddcce14674c421cf8391f035c05fc153b9b36937efd1032fd0d21e

\??\pipe\LOCAL\crashpad_4268_CDAREYFBMGPQGSBM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 722a550413118e68717eab3c2229ebdc
SHA1 dae9713bc2d4b5efbf0542206726a32dc5ef2102
SHA256 71b05fc539ff413d761f5046607aa188a7695a2a14e4e9947d3ccff8f6e1b733
SHA512 8f10a73301122201b350f98d7b5ba0e8b08e517517793fd8ebfef200d3daa1194f7169b59f9d5c238c36597ea5a97a3d10e9a8cf8d4c7b99f8dbbab88ab834ec

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4fV5jo8.exe

MD5 d8426db33bc5acd752c917b8bd9aeb87
SHA1 0cc4f0b668b917b8bb57aeb4d32cbd6e6fdbf945
SHA256 1629a6920bef637bad4b6c074ea89c25cacf7e1740ca4426cbfc495a691a0a24
SHA512 d83233ef5ec90b675deeede182983076020a064363592808f30819883804d8f50700f5efcfe85ce43888511753f29de50340329c246ffe747b3a1d12a9bcba10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f899a845e2bd85890a35461efc285cce
SHA1 a3a700fa4c1aae295b8e8700cbe45a4ca69cfcbb
SHA256 77234970e94fa673662343625a45d846b601b9b33667caa45fb2226b2b635e4f
SHA512 e93b1a511e3444e63b0fbc06510f7a7cb6b2fb52cef7dca7e872ed9312e517b10a887fd2489e6a41f3d92e84189d4f60d7b511b0a8ebb806be7514ecaeb95fb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 722a550413118e68717eab3c2229ebdc
SHA1 dae9713bc2d4b5efbf0542206726a32dc5ef2102
SHA256 71b05fc539ff413d761f5046607aa188a7695a2a14e4e9947d3ccff8f6e1b733
SHA512 8f10a73301122201b350f98d7b5ba0e8b08e517517793fd8ebfef200d3daa1194f7169b59f9d5c238c36597ea5a97a3d10e9a8cf8d4c7b99f8dbbab88ab834ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d036a752d794db9b1f98a4612bc9595a
SHA1 2a1388a1e4415a5e58c39557004fc254e87b9e6d
SHA256 b6a2141576d0b740db015b7af56cc8368c4c486d817f88267dec47f674e35141
SHA512 ed24f9bcecf3af1b3d676541807b5780d81c1b675ebe118901fc2c1c575a6bed40ea2c80703d5fd45b792697d6b69a9a35084e45793c35af9e00b91738d4b109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fad459462211627ab5e41695b2d8fcac
SHA1 ffa03f9c8ff82a581256d8b5dbf6c26bbd7ecc56
SHA256 b75672b683ca56b6e669fb1398a2cf260008fb8632967b1e3d61651585e2ee00
SHA512 b6abd2b61dc85c66eca8e88b92915e1fb46dfe5b162a69718bcebdd99e48c2e0c4e52b987ab57e1ab2bf942bc9b01e47d2c1c57ddafda99e9f896cab4c5d4068

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7853ea43d05754c714eb3fe7e348c64c
SHA1 9d32b3304723fd3ecbb6874fd181d8cd7b833d60
SHA256 8be10d23af431c62d1c9902350c59766f01a7679012fdb8ad346d98d28665aa8
SHA512 cda32c13730e70d72d2e0173d2afa136c2cdf5ebc611d0968d14d693bb9e8a605d38ba9248234c1c360cca59d7daa7d2f27ff3d590d58eac1bc4914f30c3772b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d036a752d794db9b1f98a4612bc9595a
SHA1 2a1388a1e4415a5e58c39557004fc254e87b9e6d
SHA256 b6a2141576d0b740db015b7af56cc8368c4c486d817f88267dec47f674e35141
SHA512 ed24f9bcecf3af1b3d676541807b5780d81c1b675ebe118901fc2c1c575a6bed40ea2c80703d5fd45b792697d6b69a9a35084e45793c35af9e00b91738d4b109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 722a550413118e68717eab3c2229ebdc
SHA1 dae9713bc2d4b5efbf0542206726a32dc5ef2102
SHA256 71b05fc539ff413d761f5046607aa188a7695a2a14e4e9947d3ccff8f6e1b733
SHA512 8f10a73301122201b350f98d7b5ba0e8b08e517517793fd8ebfef200d3daa1194f7169b59f9d5c238c36597ea5a97a3d10e9a8cf8d4c7b99f8dbbab88ab834ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 390793ab5712109cdee50f943fbab88a
SHA1 86ce19399dbeecf583851c10ec6f4afbf8dcaec4
SHA256 853f80b4b770d0b973cb970738310d629bbfa6bc0a7b6b3e179b2f43a01add8d
SHA512 530bd0a34d8c127a70d23c2cb45cb365c54cf1dc22128dab7aaba731d93ada42a44912eb3c64121fea5232e3285f4c0f6f88c9b9e1a6d15711dd895f670aa91b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22682c87fb7a29ce676c543d74a35037
SHA1 de767c615c722b34be0ebc599c4d28daa5738035
SHA256 d3c40ee4ffbba90d09c750819f61d0058215b5a9fcb367508a609484fd005f5a
SHA512 842be7524b72ec923980aec5d409ae8b91596230776707c5b24c918263d664555f79f087f633c9f945cae6595431b5f0c226e80b07fb1e6ee00c8478f4f1622b

memory/7300-296-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7300-297-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7300-299-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7300-301-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3a7091841c247afd4b96ec80ba0749ce
SHA1 b2b8871c8f12bc8742e65e73fcf6498396fb49bb
SHA256 0fd52d559195ce054a26406e211b26ba2f09353450be3ebb23be3a72e61bdba5
SHA512 34b7c38b6f29a459e286f1f30c0d16120df2731b48c4ebc9e9aa2a87752d8c49d6708cfe3c236ba1f9bb9ee7bec19ada69181f0fd999d66c80408e99378c5de4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f0801aea17bc29f3f2f01a30fe0ad2fb
SHA1 2733fbee0a9c0c303f4c464dc5768a74340c7dfd
SHA256 7c2f3a29852e8299788813805b520890073e593bcb372f3b3516f32682885e81
SHA512 836710359f3cf0709c26ba2231f214f483705f06aa31b3243e8991b7a89c281c428144ac1f6f2c2653ceb7c565296e886274ca1f5da48b6fd26bd3cb8b9a3888

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7160-380-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7160-382-0x0000000074B00000-0x00000000752B0000-memory.dmp

memory/7160-383-0x00000000082A0000-0x0000000008844000-memory.dmp

memory/7160-384-0x0000000007D90000-0x0000000007E22000-memory.dmp

memory/7160-390-0x0000000005820000-0x0000000005830000-memory.dmp

memory/7160-395-0x0000000007F20000-0x0000000007F2A000-memory.dmp

memory/7160-400-0x0000000008E70000-0x0000000009488000-memory.dmp

memory/7160-401-0x00000000080E0000-0x00000000081EA000-memory.dmp

memory/7160-402-0x0000000008000000-0x0000000008012000-memory.dmp

memory/7160-403-0x0000000008060000-0x000000000809C000-memory.dmp

memory/7160-404-0x00000000081F0000-0x000000000823C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90f73771730f61379e5361f0f4cfc818
SHA1 4b22bd1ec2865a8d77a56995c6e11784c95d3830
SHA256 fc567eea196c0eb9d7d64872a22744a62a18eeae187f58b52bd5b1d8f80d4779
SHA512 89e511d554314ab19eff4e1510714b81c22b09fa4cd27170e2e32ec5eafb557f3f9932109fe66696a428e3d76a20f679045dcf38df6a9c45636aa8dcfa2561b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d35.TMP

MD5 feabcba3710812a9c66bf43af058fd97
SHA1 98e8ebd3595e4dad724b5ac9cfcf45673bf79789
SHA256 17777f7dcea6dd9d2074b74c1ed354075a4937e7965cb35188d393b4c39b5f5e
SHA512 7e3e1c5dd745b83ef84e8c54eb8e10077c175143def3cddc8dd987c5e40605f0b41fdd1478971107e2dbe75bd33c2f2ac006ca15b8c0784bbd9b20871596ccde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 562cfa1c300644864ba1e11617f82be2
SHA1 9c14245a8731067aef7e19677edc6b9ebd609a46
SHA256 5446f106089ce5c383b3b9e251ba6b162227e2771e6a04ac17656f93f171d2e6
SHA512 3d7d94a6d3d195b6c078b0b1ffe6d5a5a86a4c226360a6d6852db81e12cebf2c46a7e1f3d4e37200b1b8bd7daab2b1a11eef889e766d5c89234696f0bcd11f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 6a42944023566ec0c278574b5d752fc6
SHA1 0ee11c34a0e0d537994a133a2e27b73756536e3c
SHA256 f0ac3833cdb8606be1942cf8f98b4112b7bfd01e8a427720b84d91bdc00dde65
SHA512 5ebdf0d7ec105800059c45ece883ce254f21c39f0e0a12d1992277fe11ef485de75d05827fbbabb4faf0af70b70776c02457873e415ade2df16b8ba726322935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/5736-596-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5736-603-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5736-604-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5736-608-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52963386ec05c3339a6dc44389f0975e
SHA1 9dd59bef70dd5e2fbcdc40e34ca3a5f3ab2f08c5
SHA256 cd1ace9bdaddfc70ded6a6195e595de6a8197d67e32f38a5e9669c2b203ac3c3
SHA512 78371912e4f2806e18854f93f7f69406932c98428395a5e2f74af83bb17f2d915f8696748498fc59a812ca4b47e1fb98a9b91ceadb19ad322a23edc0544b5a6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 37e0896aeb6737624b75c47c7acacddb
SHA1 3d1f6faa92beb82841784a3115fb905756821549
SHA256 89e66ef60b459a03ddcd79ad942692d2fce8e794fee59bff8866a8ce5e54befd
SHA512 cbc4dca85899b242458a290035bf9bc43d6d2e8e035918f9ac4a018210edc72fb79a12d996744297b4d4e9562a401278d5f519f5f6a0d002a865d7828b576050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58702a.TMP

MD5 fa54b4b0459c90247ddea314c915fd45
SHA1 da88849d1f1f2c14ec270a474ccfe88f672cf4f8
SHA256 3a3b082c8ff3e4901812803b5116c9dcee7b27accab501a2a33a78d717e993fc
SHA512 8874575a885f92d740f6826e90a83267440701b6c5f456e3ad0c6c9ae5a0e59e4866c0300e4862a1f39c86ae647e18f0fd2ef0e4e072ab4901ece15ad1cf78c8

memory/7160-938-0x0000000074B00000-0x00000000752B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b21bde61f1c30e2e1b2e2f2c96883393
SHA1 38d3c941b0e2b82c4acd52488c2593b7082cd094
SHA256 1365ea8e857a16a6a676cde1cf534c5576de6d7d1c32123fe8c5c1ef43a9bf0e
SHA512 33fc6438963e79de721ae50fdc68433ecff9290e84afa31d8d08b18100bbe10bdc02dacb73db28e5a16d79f1ef26b40cd454da188c3f3e0220cd565385f6c43c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b93b46bd-8c13-4451-bf8e-11f0f49dc698\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 dbb4b395fcea9520ddfc82c8a24be8d6
SHA1 a3458e9347a1abef04533c3b17bbb37a2d89b274
SHA256 87610175cd52290c3ce1ad5da0f8f403c4f0c8585f3418f093bc3be6ffabe2e2
SHA512 d507f76998a03023fc70736f2a5c3efafe1520a18dd0f70e9e058dfabfda1372b61e5e5751bc48c244c5c3bb8d20c80d6d2633e7f4082d3acd45a40b4f8fb299

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 994ebd4c5d92291f7cd281dbaaf6140a
SHA1 28b3e6acd4f345e5e2cb8598a237f820b0995459
SHA256 88a2da54d9b64b77983bf2f90da48fb6d9c266b9168e9fe7f7df621632a9a62c
SHA512 1ef190e653c51ddfd64e6002fab66db99e18dc226011fec014363d227f89e2fa51ba3224c2ae1bf94911fe33dc99a1a6afbf2ed60f6e3ddb5c137aeab7d1a60d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9ced014e7dd01c9cca7114594489e0a6
SHA1 38572f1416ed37b9183f250b5f01bf871a46c8c5
SHA256 162aa428877b529625d24eb14176f81c09b7818ddd6c7cdb76df24329ec200a4
SHA512 d73dcf7825610e0f88e6044a94c21df8fff7ed4fbef8886a127be8f55b161b18f0bdd31ba453a8c60aa1d1c2cf689f563c684be302b8d2a626a68820d4897317

memory/7160-1061-0x0000000005820000-0x0000000005830000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed335ccc4126ec858275595a166cdabd
SHA1 c7f9cffaea89189eddec31dcd36817c58393f469
SHA256 4edcad504667bdb70070a9ab16ed49c56ce03d8f202e4b3abfc648c8e24400b7
SHA512 a42794e1610177b9bc62a0692a2c0eecf1044b0d3926d5fd630cc2cc5ae4c41681a21fb29398dfd8638b25b95b21cadbb02a1e7bdbb268cc0a9ac7f36c58f799

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 99d2ae05982eae1cb9b0593d280699e1
SHA1 0f849fd8ffc10e8f9cc4b97a6ed94008ab75d98d
SHA256 10f87f21de6c823dc7f87679be99407dbae01127edbff3508ef6694f3ec982f8
SHA512 5bc2c04cd317c1d6c203fe2a8a93f1fef49faa5c571a752bb2be0d263150fc5827f9c04199ce33fc520d8223b050871ae2b55cb080b2986fb54f8537fad8b054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f2de8641f84f9c1176e8d9cf72919dd1
SHA1 f14ff5b4d7680be403509d3219243d1a37a4bc15
SHA256 2f29d48f2282fff10ef40bdf0fc165f46e9a161fcfb9f0baf653eef7c08647d0
SHA512 719451a48c5d3c7eca76e7aacdd6c353d4a059fec44dee430559b89d83a4bbad6617e8c2117d5244b018489e1884bc95cdc057ba2007948e18885f2485d8fe2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fa755384-5372-4f5c-ac1b-4d9a28f70af4\index-dir\the-real-index

MD5 906bc7965d0e327cd339b3ce81dab882
SHA1 e47683d379a64b59eed2c15c818fe05ff3f0cb7a
SHA256 03d8785a5beb3f94feb09cbe34596724d6bed796001aea53dcc3fcdcffc11f5f
SHA512 777517975c3ad349ec36d4e1f3bc859bf861275a739659da726160fdb76103356d67a21fa14b4cee6820c4b8754d4fc1ad29bb132388f843845233df610e3501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fa755384-5372-4f5c-ac1b-4d9a28f70af4\index-dir\the-real-index~RFe58c109.TMP

MD5 b90dbf37b52bef0ac124048baf09447c
SHA1 11851b211bc8dd7fe47616d2e263c9f6ae73e77d
SHA256 d21862e0ce25b3a131e20b113271db5af3cd0c90a943167541e97acfdb861798
SHA512 171c8c54399469731cfca2f7a0db50bbc86f61ff9430b7a563a15820604668faeeaf75285e1ce53b9c4f9362bc90771fa56c2bca4c6187c9b5b019c15ad5e9fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 683530d8bb9030f816b66c0c056aec2b
SHA1 3d4bceccf259ff474c15392884bcd3f9cf109f85
SHA256 a608145ed4b74f8a6cf65e0555d8b079d878c2c547014d74105ef1d9a570cc98
SHA512 c44ae8c141b3b221538cc554cb796e4541476d1fb34276fd4c31250b91f5fc5ad67290aa5250a9468c9ccb1fcebe6aa4ba416a865f2701f1d147886e0d22810a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f00ed09be047ec9e31ca7fef083f365
SHA1 eec717b0a7d3d8c4d7400c988bd3294d73f2441f
SHA256 2995a65d2543de2503065c127e43cc210e81666c5a870cdca8f875aa17523ef0
SHA512 0919eb81a61a3da9bba3de3aa737c61bdae70d639d754598a6a47828a8c5d61b2ef5e8ff58b9af10ed79d236bea4a349c9367ea695c3eec305c68f9b8be149d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d9e0.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a604c2e0-511b-4aa3-807a-63caa752f840\index-dir\the-real-index~RFe58e50c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a604c2e0-511b-4aa3-807a-63caa752f840\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\9c110f1f-9aa9-45f9-9249-30902e6921b3\index-dir\the-real-index~RFe592c85.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\9c110f1f-9aa9-45f9-9249-30902e6921b3\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
