Malware Analysis Report

2024-12-08 01:24

Sample ID 231111-m1zn3seh39
Target NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe
SHA256 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3

Threat Level: Known bad

The file NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:56

Reported

2023-11-11 10:59

Platform

win10v2004-20231023-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5052 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe
PID 5052 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe
PID 5052 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe
PID 5088 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe
PID 5088 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe
PID 5088 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe
PID 4252 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 1320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 1320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 2304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 2304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4644 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4644 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4996 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4996 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1192 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1192 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3112 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3112 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1792 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x13c,0x174,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x150,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11366813893929969020,12061653662945277803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10663434020185742643,15565253626469748505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10663434020185742643,15565253626469748505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18243676537074702680,482426940315281056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3868178955432265462,2428008039522481525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3868178955432265462,2428008039522481525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,11366813893929969020,12061653662945277803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18243676537074702680,482426940315281056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6665063359848499883,13726757612348510528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x40,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ax6990.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ax6990.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11346683683925772275,11666175362848063901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6665063359848499883,13726757612348510528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15792791429987453413,3221237970375707070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15792791429987453413,3221237970375707070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Uw84AE.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Uw84AE.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 7436 -ip 7436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17027675684003729026,1883229845413102743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 44.208.156.246:443 www.epicgames.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 246.156.208.44.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 25.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 142.250.179.141:443 accounts.google.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe

MD5 113546e2fa3eb0f05d783314efcd1a59
SHA1 abebabcfb23f2ed491a07041d15fcfef9a2efdb0
SHA256 c4c77b0698c85e299b4773a43391591756c07f209b0b91e4f15e299be2078f86
SHA512 de147ed2abd6baad0ed338c4e34b80c896138dbc64da51f880cb89db06976cfa85dbc226ff1ea45398d1a2e0049695ef42dbd9897a2e733f45430af9c47b0c41

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Yh6Of03.exe

MD5 113546e2fa3eb0f05d783314efcd1a59
SHA1 abebabcfb23f2ed491a07041d15fcfef9a2efdb0
SHA256 c4c77b0698c85e299b4773a43391591756c07f209b0b91e4f15e299be2078f86
SHA512 de147ed2abd6baad0ed338c4e34b80c896138dbc64da51f880cb89db06976cfa85dbc226ff1ea45398d1a2e0049695ef42dbd9897a2e733f45430af9c47b0c41

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe

MD5 867956ee6b504c4e6a7dde70640d7595
SHA1 f52841cf03e0ac9a0950f20e0b1e23b64b045aee
SHA256 749dab28d89d5cec8709cff0717aa6ef0db2ffffa1d2e621d98095cd19b53408
SHA512 cee8297eb8e156ba29aba88efd082d9956d58c3cb9db8e9607fd6e88b3fc55a87c2a6cd0ef47aadb94721d026e8321ba97c53788291bd300e103d02f02db2fd3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qQ56PL1.exe

MD5 867956ee6b504c4e6a7dde70640d7595
SHA1 f52841cf03e0ac9a0950f20e0b1e23b64b045aee
SHA256 749dab28d89d5cec8709cff0717aa6ef0db2ffffa1d2e621d98095cd19b53408
SHA512 cee8297eb8e156ba29aba88efd082d9956d58c3cb9db8e9607fd6e88b3fc55a87c2a6cd0ef47aadb94721d026e8321ba97c53788291bd300e103d02f02db2fd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8992ae6e99b277eea6fb99c4f267fa3f
SHA1 3715825c48f594068638351242fac7fdd77c1eb7
SHA256 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d
SHA512 a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_3836_FQLRUPIHLEMSMWKI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1792_UUDXTLFEUFKEARQG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4100_LLCAONYYVJNGKNOG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4676_XHNKYNZZSRHAEQLT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

\??\pipe\LOCAL\crashpad_4644_TJPBIICIJGIZONNQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2883987284431e3ff357b275bee0d0a4
SHA1 dacf4152d63f4cb83e2e4cbd4f22ab4ca5f979cf
SHA256 7dfae3e4d55940a910d5de1c65ea3a13dc1b1ee1a55902dab9dd3ade28516b3f
SHA512 3c6a4f8a76704ea151b02b56814096c94bfb593ff36a3884646f9ff4b7c27d6ac46b7defac17c6e47d1c4cd7919c56e18f54e26d2fc0bc2e4be78bd60ac393a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a9a3dcc33673383d77e4ad0b6b29ee65
SHA1 e291a52ee8c0e9b147c289e97d963bd1919f9812
SHA256 5440a431524a8842a273be685289ef34d7018c6b39a4dc62d8a264b6a0e413e0
SHA512 b596ee3fcebf302deb3cd9344feffcc8814396bd93663a1dac1e125ef15d336bbc8eca5a3cd1847329550f7f234b537531fd7e9e5cde5c23f58bae330dcf7b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfa29cbae2ffbd2be0fc8c1e8acf6b5e
SHA1 9e3bc2e722690590822a942117d47e45fb8b6240
SHA256 135790944fe3ade864e419f41da1f56f16833869bb6a893fb1f4330f80c191a0
SHA512 4229a5e5a5fd2c87ba8b077e2e7c8dc1782c1ae4c285dee85e7c2d22c8e23b08c6b60ec285364e82c5f985971e5e9d4dacbf88217c12f7ed050a0a255dcc37eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14707790f74c940dcf5a46d59060cf2b
SHA1 15193093315da3544edcb4d570b92c159ee556fa
SHA256 6d16db54680b1e33496a7a5f6bbc224c7baef42ea83b56f81ada0b3e5fbf0ebb
SHA512 016ad175ca68116a2f857172b046fb90d26d83fd7518ef9a27460776d81c88b5386535d13509781cced7e883794a3bcf5b5e62eba1d9f5dacc9d87ee1d0407a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2883987284431e3ff357b275bee0d0a4
SHA1 dacf4152d63f4cb83e2e4cbd4f22ab4ca5f979cf
SHA256 7dfae3e4d55940a910d5de1c65ea3a13dc1b1ee1a55902dab9dd3ade28516b3f
SHA512 3c6a4f8a76704ea151b02b56814096c94bfb593ff36a3884646f9ff4b7c27d6ac46b7defac17c6e47d1c4cd7919c56e18f54e26d2fc0bc2e4be78bd60ac393a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d0c39a2d-543f-4d4c-b2fd-7ca733ccf65f.tmp

MD5 af22d0433373fa41da8acc886b13f2e4
SHA1 bbd9b3138476a5f2ee5566c5139e9c58fb999ed3
SHA256 64c437eb656c81572430aeace3567f9f14abccc8778038f755a416131e7678af
SHA512 c288feb70e9c61b0ca5a6ca091ae5e0c6e432ffb24ed0cc51be5bc7c48e615d35dc7b101b517a80efde49c370af54f2ea37896e632a94951d008abdf89b419f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a9a3dcc33673383d77e4ad0b6b29ee65
SHA1 e291a52ee8c0e9b147c289e97d963bd1919f9812
SHA256 5440a431524a8842a273be685289ef34d7018c6b39a4dc62d8a264b6a0e413e0
SHA512 b596ee3fcebf302deb3cd9344feffcc8814396bd93663a1dac1e125ef15d336bbc8eca5a3cd1847329550f7f234b537531fd7e9e5cde5c23f58bae330dcf7b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ax6990.exe

MD5 a242751b06478b4cf91870418814a30b
SHA1 ea12da77a35240c060a16287c4e1603da2c7ccf1
SHA256 a31063ac6378a3f940a68c05a79fdbca937e3feb3e1668e6cee87f30f4f70495
SHA512 fbaaae37def4767ebbccff9087f2046a4e4d03dd27cfab1a98b65104643d864d8484f117310798081a075e183ca7707be79e678b087097e1fef1bf0e31f32036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c6cfc628d793e0d3ea8b1054f17788b
SHA1 dae04ecfcac913cd5511e3f546e886444c312ed6
SHA256 a01120283711e1c01563445a638e0d0a7e8bf8d2f6eb19e5ae51e4b7025463a7
SHA512 2d3f24c816359795664c4662e2d114a9389da6dd0807b65d9bd90bf8fd1918ab7a5afb17a908b0771589c5daff76bd7755c3e7b489a03f48dc68813ed0eade52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 af22d0433373fa41da8acc886b13f2e4
SHA1 bbd9b3138476a5f2ee5566c5139e9c58fb999ed3
SHA256 64c437eb656c81572430aeace3567f9f14abccc8778038f755a416131e7678af
SHA512 c288feb70e9c61b0ca5a6ca091ae5e0c6e432ffb24ed0cc51be5bc7c48e615d35dc7b101b517a80efde49c370af54f2ea37896e632a94951d008abdf89b419f6

\??\pipe\LOCAL\crashpad_4996_LZQYRYLUVTKMRDMZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14707790f74c940dcf5a46d59060cf2b
SHA1 15193093315da3544edcb4d570b92c159ee556fa
SHA256 6d16db54680b1e33496a7a5f6bbc224c7baef42ea83b56f81ada0b3e5fbf0ebb
SHA512 016ad175ca68116a2f857172b046fb90d26d83fd7518ef9a27460776d81c88b5386535d13509781cced7e883794a3bcf5b5e62eba1d9f5dacc9d87ee1d0407a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfa29cbae2ffbd2be0fc8c1e8acf6b5e
SHA1 9e3bc2e722690590822a942117d47e45fb8b6240
SHA256 135790944fe3ade864e419f41da1f56f16833869bb6a893fb1f4330f80c191a0
SHA512 4229a5e5a5fd2c87ba8b077e2e7c8dc1782c1ae4c285dee85e7c2d22c8e23b08c6b60ec285364e82c5f985971e5e9d4dacbf88217c12f7ed050a0a255dcc37eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6276613a51dae3b747451bc05e24edfa
SHA1 96ff591013fc8d378a9b37ea580d8ec6e98bbde5
SHA256 d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0
SHA512 dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ax6990.exe

MD5 a242751b06478b4cf91870418814a30b
SHA1 ea12da77a35240c060a16287c4e1603da2c7ccf1
SHA256 a31063ac6378a3f940a68c05a79fdbca937e3feb3e1668e6cee87f30f4f70495
SHA512 fbaaae37def4767ebbccff9087f2046a4e4d03dd27cfab1a98b65104643d864d8484f117310798081a075e183ca7707be79e678b087097e1fef1bf0e31f32036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31ce30a87e532769997392e8c8a14813
SHA1 bf7fcd437dd9b2ea986216ecad581021eca5c8c7
SHA256 c345373fbffb99dc2e9e78ff94176fae6098a0ac0f3b26f52f29f55b10db92b5
SHA512 7c85e3af4280ac40b77c3ba0466b39b5bc3ba481474a5a43203893dcc74721696bd38d627a7eaa8caa0c8af842a138c79af2563e0930a7c6c2cab5d3a3860257

\??\pipe\LOCAL\crashpad_4356_YLMUBTFLHYSEAAQC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c6cfc628d793e0d3ea8b1054f17788b
SHA1 dae04ecfcac913cd5511e3f546e886444c312ed6
SHA256 a01120283711e1c01563445a638e0d0a7e8bf8d2f6eb19e5ae51e4b7025463a7
SHA512 2d3f24c816359795664c4662e2d114a9389da6dd0807b65d9bd90bf8fd1918ab7a5afb17a908b0771589c5daff76bd7755c3e7b489a03f48dc68813ed0eade52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31ce30a87e532769997392e8c8a14813
SHA1 bf7fcd437dd9b2ea986216ecad581021eca5c8c7
SHA256 c345373fbffb99dc2e9e78ff94176fae6098a0ac0f3b26f52f29f55b10db92b5
SHA512 7c85e3af4280ac40b77c3ba0466b39b5bc3ba481474a5a43203893dcc74721696bd38d627a7eaa8caa0c8af842a138c79af2563e0930a7c6c2cab5d3a3860257

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a9a3dcc33673383d77e4ad0b6b29ee65
SHA1 e291a52ee8c0e9b147c289e97d963bd1919f9812
SHA256 5440a431524a8842a273be685289ef34d7018c6b39a4dc62d8a264b6a0e413e0
SHA512 b596ee3fcebf302deb3cd9344feffcc8814396bd93663a1dac1e125ef15d336bbc8eca5a3cd1847329550f7f234b537531fd7e9e5cde5c23f58bae330dcf7b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 af22d0433373fa41da8acc886b13f2e4
SHA1 bbd9b3138476a5f2ee5566c5139e9c58fb999ed3
SHA256 64c437eb656c81572430aeace3567f9f14abccc8778038f755a416131e7678af
SHA512 c288feb70e9c61b0ca5a6ca091ae5e0c6e432ffb24ed0cc51be5bc7c48e615d35dc7b101b517a80efde49c370af54f2ea37896e632a94951d008abdf89b419f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14707790f74c940dcf5a46d59060cf2b
SHA1 15193093315da3544edcb4d570b92c159ee556fa
SHA256 6d16db54680b1e33496a7a5f6bbc224c7baef42ea83b56f81ada0b3e5fbf0ebb
SHA512 016ad175ca68116a2f857172b046fb90d26d83fd7518ef9a27460776d81c88b5386535d13509781cced7e883794a3bcf5b5e62eba1d9f5dacc9d87ee1d0407a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2883987284431e3ff357b275bee0d0a4
SHA1 dacf4152d63f4cb83e2e4cbd4f22ab4ca5f979cf
SHA256 7dfae3e4d55940a910d5de1c65ea3a13dc1b1ee1a55902dab9dd3ade28516b3f
SHA512 3c6a4f8a76704ea151b02b56814096c94bfb593ff36a3884646f9ff4b7c27d6ac46b7defac17c6e47d1c4cd7919c56e18f54e26d2fc0bc2e4be78bd60ac393a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfa29cbae2ffbd2be0fc8c1e8acf6b5e
SHA1 9e3bc2e722690590822a942117d47e45fb8b6240
SHA256 135790944fe3ade864e419f41da1f56f16833869bb6a893fb1f4330f80c191a0
SHA512 4229a5e5a5fd2c87ba8b077e2e7c8dc1782c1ae4c285dee85e7c2d22c8e23b08c6b60ec285364e82c5f985971e5e9d4dacbf88217c12f7ed050a0a255dcc37eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c6cfc628d793e0d3ea8b1054f17788b
SHA1 dae04ecfcac913cd5511e3f546e886444c312ed6
SHA256 a01120283711e1c01563445a638e0d0a7e8bf8d2f6eb19e5ae51e4b7025463a7
SHA512 2d3f24c816359795664c4662e2d114a9389da6dd0807b65d9bd90bf8fd1918ab7a5afb17a908b0771589c5daff76bd7755c3e7b489a03f48dc68813ed0eade52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36583f71225223d3ec1fc900f4d1ebdf
SHA1 c0fa4ef8588b41d1b012ffdc1dec60073d3e3506
SHA256 8628ce6bb3d0ab1499eee3dc5781fbd54a3890a6996d56f7d26c267c5771b33e
SHA512 1bbfbc02b8718eef3714145542c53f0677415dfbaf070cb43857a6cb9f528869e164b50abcc3fbe87039d284e404f20dcd22136dcd1831a4ad819acab09a0fdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fdf77f2b481b2e086f7709882d7eeb7b
SHA1 1f9c2cb9e06101cadd31b3c98e353276c95c3e63
SHA256 55922e43b501ddd1cd9703d50d8a9caca85032d5fc9410d1a8054da8c70ea25b
SHA512 aff31af2d05853a612e4f59aa7b25dcc1406e448ff1a5b7692e964b8186600119429bd81d03c8b46c2b04f3996c38b21e6ad80e0fd740b9865baf8940ff0603b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 933a975f5e8a7035ad15ebe9a7a93e27
SHA1 66de3ad4777c89e171496e98b3b7a25977eb4707
SHA256 2bb591fdfc01cd9f1659160b50f157e505e1814aaeeb84f9832e4910663087a0
SHA512 40b53f219f2107aed18449a8ea5a5a40bd1132efaad1ae336e4dbb2894950137fcf3a209126f2ba84799c9ae088ee107363e5a87e57831c4cf09f64f13618357

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f1881400134252667af6731236741098
SHA1 6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458
SHA256 d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75
SHA512 18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

memory/7436-342-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7436-345-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7436-346-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7436-348-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 10e2f194782459f1088bbca58016a4f4
SHA1 6b53f2720fda5d69d07682d5fcb526cd43f19e36
SHA256 c2bf31b0ce6c772ce573f383740b5116426dce82379c0c296a9f15cb4cb03416
SHA512 fbbd8a8f957feda58b2df6453c8b8c2c09c04ab1905161283fcc125dca43f62cffcca8d782e17130357265c0c782af04dd325a1978e7c4f06ef2f90c5ddce0c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585c34.TMP

MD5 a6988e785dd0b59a509823c59a2498dd
SHA1 a0284a82f9470e3e8e86db1bc01e133cbafb78f0
SHA256 38a8b0ca1e3970078853944dc8391207b0be874dffed9873a06d1dc041876e45
SHA512 b68f3769fcf77ed5e12b47f0df070236949344461366beb38cbf7722665ea86257d7ee7dcff054fa086846e451a07f4ec771c88f0f26703529b28c0e845ec649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7628-419-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7628-420-0x0000000074B90000-0x0000000075340000-memory.dmp

memory/7628-421-0x00000000079E0000-0x0000000007F84000-memory.dmp

memory/7628-428-0x00000000074D0000-0x0000000007562000-memory.dmp

memory/7628-437-0x0000000007750000-0x0000000007760000-memory.dmp

memory/7628-440-0x00000000075A0000-0x00000000075AA000-memory.dmp

memory/7628-444-0x00000000085B0000-0x0000000008BC8000-memory.dmp

memory/7628-450-0x0000000007870000-0x000000000797A000-memory.dmp

memory/7628-451-0x0000000007780000-0x0000000007792000-memory.dmp

memory/7628-460-0x00000000077E0000-0x000000000781C000-memory.dmp

memory/7628-463-0x0000000007820000-0x000000000786C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f280ae6513ca6c974fac6cc559c676f6
SHA1 d3e98c05bf2256471856119c0490d411535ed411
SHA256 f3778b7ae8d6bf52876c7324b81819fb957db63bcd78ff5e2dc542590ee46368
SHA512 40563daea449161f8bca59de9f10d1ba2aa9b35867590191d43dd2116b7756aebf0e216d030873ffefe873558ebe6fb3d339b9a9f044198c2fd5f94b124fcfa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4c29041a02f3f497fecf746de94c3c4
SHA1 aa1af93442107f38ddd30bbdadb39dc86146bd92
SHA256 6195699867b31b7b98f879d1e8a286ec41c00f438f4bc741a850acdcf624ce21
SHA512 cc34ada37e3c5c570b4d9990bca214ffd346f9670dcfdfcd9a8615bb995c0b684ef74b98987b783b3e9fe7dd12d3b8422b28ced3d305600141f65fcf4ac7b32a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d35f4e0f2eff25b178fe1562ef6a82e6
SHA1 fa86af47f73bfebfd43e15bb04c338e94fa14217
SHA256 f2fdbb056cd2ef263d719ea1c6cf3bfeb784b7b4218dd99b32451a3cb40f2912
SHA512 133335f0646a989e7ef1a2743bb1079fc9d86238d82ecf8e2d537907fe49d5c2b6e6595be763bae113de02c8c7855227764d3c2d78319d6235608ed8a6b197a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/7628-814-0x0000000074B90000-0x0000000075340000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 a2d32095974b62a400d9772c54e103ec
SHA1 acd26428816a73cc4004eb98c5d3386deb34017e
SHA256 4258f104fe2742ade5473195306394f24493e1d4a0709d3a7d384ee863a9f3ec
SHA512 b03afbc08d9ce4189976635d2b79a8858602484c890f9e008ef2763a6b7aa537c91a88f7a7d81758aea46b1c1c92c7218d33db09b729d4459d3d585d5f0b2f7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58c8f8.TMP

MD5 05f6f0d8599b3222444cd8701c4c597d
SHA1 b3413eb43c0b329c4dd738ea0a1dc8b49600b9e6
SHA256 0da6944e555a4a6a33e499aeeabe0a1c7b225c23c8c28b771c159a69104ee7cd
SHA512 fd00615ced85ea05c5ae6fe5a1ee1df217bed1d2b3958bf4b4d57ac201c6cf517d5306d6d17bf30f04b9c2180df57688df379b3491378a9baa300c48626cec01

memory/7628-928-0x0000000007750000-0x0000000007760000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7ab91e54e87bef38e1536609fdf42829
SHA1 526691f6d7b58030aaa72f5df6bc060cf6b1286f
SHA256 b9d99ed0d67d5dbfb566b15f58b46affa71728da3b64657d7f49e6507d32b2f7
SHA512 309e36372719e9eadb2f8d50784613f880831222c8cd176121212d6626cb758628e3f75f89bb40c584c36ec5ff46a5d330c01f8bc2beb50c4ea74daab30e4c69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 223bb664c86bfea994b5cf3ebcfe8813
SHA1 129933132ec0a877e914186b77f6bfaf3bc0d04b
SHA256 d07da586336cff276c8f31f1040734400610c54bb185c229b4b67e8e81f5ed86
SHA512 55e6fbda9779c53ee4b0d0f3fdeca347c61f49602a566b3a0800771f57f1d50cb495f1c941ff0cb4675033d368e9f9ba0af5304072801b4c2112528f6c48adc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\210da1eb-8c85-4789-9704-a0baa62017c3\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6cebf527d8ef4530a322c0e341d65934
SHA1 d16be8a1e5c5c57e2a0b2d3831c8ea4ff9080d12
SHA256 8101fff81e7046b010d1116a6edd425989c63d565aa82892a8c2d38aecc09574
SHA512 0e101ee15898c9ffa999bbfe22dfbb8b4eb656cf5daa1ea38e540b184e017146de99ae2aa46e41fbdd2a443e9647b4368af6e061668992b0fbc4d9bef99eae23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d21aaeb7f8ccd9db89a7fce773109f99
SHA1 e852f8849dd3a06474aedbc36247d9408aabe3b3
SHA256 60ef33676ec2873a9210ff559c5cc97f44a2d4d273f627b3c2dcaaa32921a42c
SHA512 b8927f7eb460a1f6f4fb7711cb0c686cc8517eb7d341fc13eb8023fd4a90174f5612e674ef8c2a0014de430fc3bee593ade70c95ed7438e4e0edbbdb40fb1b19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ecbdb49657717f4c1a4651975502d1bc
SHA1 afd3177fc353b66d898ab837b728c892760ddff6
SHA256 8d00c1e9fb57b0c4e9741e3526c49856123c8483ef843589e1b7ed88d7f29e56
SHA512 fb45869def4350bb8ef27cc5a4f6425458e2dc020109180e354af0d0476f03e13af4e33f247c0b78ea79e83ac150250daf6476902f47ccace8258aaa811439d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 dc0d1ba6896bf1da8c9cacfb879843ce
SHA1 43579b56759ff31a79555850ce87182332d46263
SHA256 592d25c0671aac8b7845186c6242d339f62d783a1fd06ebf9a8090970fc2c04f
SHA512 0c197b8f9a9256713029710c367bf73dd3316c89008e1ad1808ae1002ae9f26384eaa53b5e9d86335f671d65cc502c1f7bea65f207672fa3cef236452d96dec0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23cf2ef45692db58be59e3faeb6c2c43
SHA1 f21cee7bbfda352a2875385031d34dfa2cfd9933
SHA256 3469f36787d9700810780d969d57d1d86dab0847c2211755d181ad5c6690ef5c
SHA512 2019d637425d6a3ac4563f43c7a77398b4729a164d99060326f0ce0004ffdb4f5c6b07db67924fa9aba0dc7c9ffc1791ee24d359e41e77902a20a279e0d8aecf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\91ce7cb3-4214-4230-adaf-ba7bff2daaf9\index-dir\the-real-index

MD5 e2507e9c961a65d0ad83f5dff49f3092
SHA1 7a763543a5485d65e8972a46376c7cf143fbed36
SHA256 4e2fb089098a172a6d9c129fa46e7ceac76491db804d96e7ad194fe70a0d02c0
SHA512 6fcd2cc9afe19eb3b1a78e36272fb0aa6a41d88db4c951bd1c39f392b19d0406c9e901a6a4efd1207b372a9fbe340d0202fbaae26e239a77a167e86ff06b1b5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\91ce7cb3-4214-4230-adaf-ba7bff2daaf9\index-dir\the-real-index~RFe591cc5.TMP

MD5 f0ccafa65aecd803df371569c487771b
SHA1 ee8f0f6f5f32d353a1a0ef5d2c3838c677a7b996
SHA256 e649ee5cd0526daa8bbb4d851719b223e1d623f4491a07bb416e32fa45f22aa6
SHA512 a77856c775658fb7401b66dbe625b95781605e526780b3779af869b56462ce93e04941d881f025a162288ba813c6b24a94158cbab03d09a8bb99a3c9d407c467

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2495e2deb9687261afba6503780669e8
SHA1 4f8522042b776b0bba105c111aed1c08354ea8f8
SHA256 85c2cc42bc0979829cd735697d805692e93d6e364a48ad6994f38e858c50393b
SHA512 25aa5a3ddda8fee79ec2635639a0fe8886f4c9afe388a8e63206b5ccbc717c8d87be469125438412f6465e435776ba3ba1d1afcadf1aea47a59bb72f5a7dc6df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1367c7523b1048a573c4faa7a6c48f57
SHA1 58999e06fe37e7c045249e4c9bf00ce4cbf33849
SHA256 8526ee554608d8fd1daf9b21815f9df8f8523cf3e548921d99d55f325dfbc908
SHA512 9de224329da7e8349fb113d56756b38d6a6e67c15da5b0cb49c9ea60dcc573a9db1ba1987b9ef5940ff95ccd635e754e186a18d9238138b38e20b2b7f311e3d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 76a90058552815945e027e0d98a21e21
SHA1 1dfbc20213a1a9979deb187950a6b71ec7b65a12
SHA256 49044184bbd20162a8640da99027340468cb4e5be9732368e809d0230ea9c03a
SHA512 59c91a6a2e784eb44a2937dd5f9ad94b8622c3df8a9ecdb43272ff64e4d7778c5049e7452de654f50f757b4e260045e95dab57f1800d499cc8e3744b5f90973e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595078.TMP

MD5 d2a189f5a3ee52aa06268e2d745d028b
SHA1 c3b5b67ed35c726f6ddd2a4dcd1e0b0fe4e6ce7d
SHA256 cbb3e781aedc6732c9cede876c4d0595c5648235ed319aa16d2513fde42c3793
SHA512 90f0a61cc920cf2b2e3aeb48806cda162d071e70bf0cbd65779f1dae53e111dbc17e1ef76a3305407e18c4dc00f2787e6b8c89c60fc20637cd6554c969175515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 69fbcd7faaf3943c8de4d19035754d03
SHA1 494272af024fb6e40314b0862bc80c69799c1d27
SHA256 50d751f36112d9aaf79672f147550f74d407a7efb3e8bc43206dfc932be51e5d
SHA512 c8608a36402cb8829156162fa85b16f3527977ddbb0938652810fe7359c5f297cb86481051912d7b0266b967bfb109d9af013dd0774935bd136de8911fddb012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1cd8620669412d3ef8b728268bef6776
SHA1 ce3660891e1fef85da6d4e7ee61a931010b6276b
SHA256 2ce540d834835fc184d7eee43455edfee282ab12936deaf3d14500f68f13412a
SHA512 323362d2d0a845941805d61dce8c7650541d006feab79f80b136681ecc6c71ce064c4de2c450d4b57f77c9903ab1e09eda5586d1a953a558b552d9d4bab6e913

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7480458a-b150-4aae-9124-e561e22c9c8c\index-dir\the-real-index

MD5 dd8d444d5e3dacde1278c0a221b7d919
SHA1 826637c68890e12e5f7e2ec111d27580735d3c12
SHA256 a5e21033ea51c53d848afcffc2c64f22c4304bb7e6ec5a00db36843d81d063c7
SHA512 a3e6d6f8787959c5d5ce1ee908d8ff7f638892fa9cb1913b467ca0c02ac357890f85e622a1f090e83751e7d8e6effb52eea960c6cd1ed8e04973118f443113c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7480458a-b150-4aae-9124-e561e22c9c8c\index-dir\the-real-index~RFe596d37.TMP

MD5 3f3b93b8a7e5b65e9d57e1b4d8261331
SHA1 a6fa80933d8143b4c537b19f8740699e9c0d8a16
SHA256 4ae0624c75d4bd8e5ae05c19fc0cc213d02a0a6177cd97775bf8ed1f7e93077e
SHA512 51c8fdeb4fd761d62486bc770fbe68243cd331c45ab1d10309efb6d8d9058a8778a9d827e82b6138ec452c72f2bbc2d669c2ac5941693169170b1547aaf6f4e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0902f24646d2cf6da183a63d09521d72
SHA1 455bfd684933d72eca934fab64052e5bdc5951ae
SHA256 b4d8280ff2a2cb02c337220d414b3921e9ea6139de94e9f7350acfcce7550843
SHA512 2549eb9e4e1e9926c58503e34fb4da6be128697983c2c508803393940dcaabd836987d60759359589725c81143d2d6724846babb5e462991e488e4d5a8312b86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4813e30b-a9ae-48ab-956c-8ee1917e885c\index-dir\the-real-index

MD5 016022ed4602a5cc2ff7cb6b88e972a1
SHA1 b9dc3c12b2d85205c6bd87ba48d4306e37275341
SHA256 6b8675e18c169f03743d8768b8d3dcd1df34136fe1df43afd5a6c020b4ab2e75
SHA512 dac757024c2a534ff8e487fb0f89c9504da789e203245cb35cd4b15ed27ad195f3f6bad1b629835bb18f972e1c2bc58bc2dd1823f39ab2fb748456e720cb7027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4813e30b-a9ae-48ab-956c-8ee1917e885c\index-dir\the-real-index~RFe5992e0.TMP

MD5 847011629f21a45bca87b8465603a0e7
SHA1 85f9587ece349818f483210d0ac4a82e09748ea3
SHA256 7e220fe5c4f953d5a94870666c5d40143510564878ba306899fa0a4992805628
SHA512 075c350f3e1d81bdf81ca65404240d51032c366305cdd39ce9efe94760c202ba78b1c400cc8af1412643293df1e34b450227829d564e51b02a46d40d6b553dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 08d756416f4dad27acf89a0699b46c89
SHA1 81bdd49cd680286ec9563bce8766c18f3a86f6be
SHA256 eab47c6f6dd6f3dddfeb29b22053bf9e14140925ff207ae49daad577cb21073d
SHA512 5289953f01a3c07d76c8d9790a253ba55f9990450a4cb63b26c265e53b22ca3b7917ab3c0e2d36bcd22fa36d059a1214c44cca9f14cfc5a10c9e078556ea7fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ce66510724060e5bb04977c374381c1
SHA1 dc5f2b458b422cc5fcc3030df11748ddcca31813
SHA256 033a1f1f29d755a7229a11129824acd8800933ddc4e365fc52a8cf5c8e9d234a
SHA512 e98ae83cc66f7868fe4c3ba70fe22a6ccab69bb820c04f66c2467c4f73ad4943286391818529cf99e830dc0fa636f8eb3dc5587ca61676a5846b2a2bcadfd9c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e0587c44b868ede645f69c9966551fe
SHA1 16da8fb68c968544f3c35a1e1fc083e2cfd3cece
SHA256 f9473ad1435dbc1c00ffe3ae9d31e873753a21393c993ad4f8e8ff3539a37c59
SHA512 4bce496dafcc36c5eca29c44b2e5a56ba3c6b05a95bc30e2ea7eca19a0617a72c99992075ce237df313f9ba1ca1c4a77aa87190a2ed23ee089573d8e35c94a7e