Malware Analysis Report

2024-12-08 01:26

Sample ID 231111-m27fbaeh69
Target NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe
SHA256 b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Mystic

Detect Mystic stealer payload

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:58

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:58

Reported

2023-11-11 11:01

Platform

win10v2004-20231020-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3000 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe
PID 1144 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe
PID 1908 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5068 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1400 wrote to memory of 3400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3560 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4840 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1908 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.b05b5b5854ce0c5b00dca2d9cda190cccabd42550ee3b0353f3387472cc29e13.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x164,0x174,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffda93546f8,0x7ffda9354708,0x7ffda9354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ie2Xj6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ie2Xj6.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5cz17EG.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5cz17EG.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7628 -ip 7628

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe

MD5 739fd85401c784d7c74e074627ce32e5
SHA1 387a5b906093c2f9a18175d57ecfe4d55320d03d
SHA256 a604686962456b31e60ab1c0d58d74dfd975b65d19f4e4c68be3db5dc8de79a9
SHA512 834c2daff31eb7acac46ac8363b88c65f53c482cd713cdf22c3a92396368668d8ef468ac73063d1b1f9a8752e1e24600ea327abe4a8b87bc5710e387347c4c3b

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Oj8hY35.exe

MD5 739fd85401c784d7c74e074627ce32e5
SHA1 387a5b906093c2f9a18175d57ecfe4d55320d03d
SHA256 a604686962456b31e60ab1c0d58d74dfd975b65d19f4e4c68be3db5dc8de79a9
SHA512 834c2daff31eb7acac46ac8363b88c65f53c482cd713cdf22c3a92396368668d8ef468ac73063d1b1f9a8752e1e24600ea327abe4a8b87bc5710e387347c4c3b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe

MD5 ad80b04924f16dfd4f48c1dddd049c43
SHA1 dec73a73ca7bf000dddba1a692f255a4249123ff
SHA256 2770a2447e10b89ec563cafa53aae8fff809ef2d0b5fc03eecbb4724de4d802d
SHA512 532d3290e1d160c48f2864c3d5f8bb9ed4bfdb18895ee433540d0158e798086f4a5b0b95b747b17118fddcc091c72798607bf02ef30bc5be3f3335154572ac4b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Tv552Sh.exe

MD5 ad80b04924f16dfd4f48c1dddd049c43
SHA1 dec73a73ca7bf000dddba1a692f255a4249123ff
SHA256 2770a2447e10b89ec563cafa53aae8fff809ef2d0b5fc03eecbb4724de4d802d
SHA512 532d3290e1d160c48f2864c3d5f8bb9ed4bfdb18895ee433540d0158e798086f4a5b0b95b747b17118fddcc091c72798607bf02ef30bc5be3f3335154572ac4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_5068_WFNFRBKQQULBDTNE

\??\pipe\LOCAL\crashpad_3544_GNZHNXELFHPHRTUL

\??\pipe\LOCAL\crashpad_1340_DMOYPYMOVWVHAUCV

\??\pipe\LOCAL\crashpad_3560_UAFYPWQXUGYWJKXX

\??\pipe\LOCAL\crashpad_2172_VFTIOGQMLYMYJVEB

\??\pipe\LOCAL\crashpad_1400_JOGNXTOTVGXNCUOB

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Ie2Xj6.exe

MD5 ce92db3af33ed2fa19398e10c9205688
SHA1 4e57d526e2e64bc8c71a6340a5a9ca1440660c31
SHA256 b97f5427bec5a1f21f56ea3ab0b837974be7a42d7cac17bdc17779217fe3b458
SHA512 92f6054e3cae5bfb10b75a827aca20ed3e03444c15a0e6d04c14cb309c3972a2ea43c72c962aaef820e221484989889b75948f41a9b43f17bcdefe1b2eb3125b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9226e3ff-1c26-46c4-b563-dc1c5bab3f66.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/7628-306-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7628-307-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7628-308-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7628-311-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

memory/5692-375-0x0000000000400000-0x000000000043C000-memory.dmp

memory/5692-378-0x0000000074340000-0x0000000074AF0000-memory.dmp

memory/5692-379-0x0000000007760000-0x0000000007D04000-memory.dmp

memory/5692-382-0x0000000007290000-0x0000000007322000-memory.dmp

memory/5692-387-0x0000000007280000-0x0000000007290000-memory.dmp

memory/5692-389-0x0000000007470000-0x000000000747A000-memory.dmp

memory/5692-396-0x0000000008330000-0x0000000008948000-memory.dmp

memory/5692-397-0x0000000007630000-0x000000000773A000-memory.dmp

memory/5692-398-0x0000000007550000-0x0000000007562000-memory.dmp

memory/5692-399-0x00000000075B0000-0x00000000075EC000-memory.dmp

memory/5692-403-0x0000000007D10000-0x0000000007D5C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585176.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b51262be-c4ed-4a8a-b49d-e9d9da6f1b37.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5857ef.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\023e3559-988f-4dc9-9ec3-0b1be2283c9b\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/5692-1121-0x0000000074340000-0x0000000074AF0000-memory.dmp

memory/5692-1192-0x0000000007280000-0x0000000007290000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a5d0.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\33803dbe-46b4-4dec-a84a-42c3921996c5\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\33803dbe-46b4-4dec-a84a-42c3921996c5\index-dir\the-real-index~RFe58b447.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\232225a5-d643-4d79-b646-bc78c3a9acdd\index-dir\the-real-index~RFe594be4.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\232225a5-d643-4d79-b646-bc78c3a9acdd\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\20a2e86f-ab71-4e22-90e8-18018fb14956.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bc43784a-a31f-4a1f-bd66-164a6e942e6f\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bc43784a-a31f-4a1f-bd66-164a6e942e6f\index-dir\the-real-index~RFe59c0c6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
