Malware Analysis Report

2024-12-08 01:25

Sample ID 231111-m2qskaeh59
Target NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe
SHA256 1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691

Threat Level: Known bad

The file NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

RedLine payload

Detect Mystic stealer payload

RedLine

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Program crash

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:57

Reported

2023-11-11 11:00

Platform

win10v2004-20231020-en

Max time kernel

165s

Max time network

171s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3224 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe
PID 1372 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe
PID 3856 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe
PID 2816 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 3968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1832 wrote to memory of 1576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2312 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 4656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1020 wrote to memory of 1852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3780 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe
PID 3780 wrote to memory of 5652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.1208eb5fcec2b7c18202685bd7d17706583d6b207bc15242c316cb27a2de2691.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x108,0x16c,0x7ffb5f3946f8,0x7ffb5f394708,0x7ffb5f394718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ER96UV.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ER96UV.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8496 -ip 8496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6dB898.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6dB898.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cd6Hf03.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kG6zO14.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

MD5 7c8267aaaecebdeddf348972fb4e2d6d
SHA1 5951e6248803b76b5292194bf0963a2b4c0a5736
SHA256 59770b4b8f0217f39b54211cb5fe95ded49a9b4236b37d42d88554789490bd74
SHA512 ef572779d8a78551c75ae2c1afdd25e3e42b503ea408c6e53e27340007192bade739566f155db8dfa81b527074427dcca8f18ac559bf36dc2ed7c7295d59ad93

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3gu979vu.exe

MD5 7c8267aaaecebdeddf348972fb4e2d6d
SHA1 5951e6248803b76b5292194bf0963a2b4c0a5736
SHA256 59770b4b8f0217f39b54211cb5fe95ded49a9b4236b37d42d88554789490bd74
SHA512 ef572779d8a78551c75ae2c1afdd25e3e42b503ea408c6e53e27340007192bade739566f155db8dfa81b527074427dcca8f18ac559bf36dc2ed7c7295d59ad93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

MD5 579302d117dfd4a12703fee96c23da57
SHA1 6dccd322d6e01089683ae359d3d35d9fcdaca22f
SHA256 78dd0ec8b7be658a83a915b0eba9e3d625ac16c484cd01d76359980f3176350a
SHA512 03e8667fc3b2e98f7cb964d68956655010ba2a68c339e24fdaf379c67cd05d3b6085951a6e43db22f3b1bf8bc1635a218f7cb93db775ef0b9d5e85bf78a4431b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4iI1Vh7.exe

MD5 579302d117dfd4a12703fee96c23da57
SHA1 6dccd322d6e01089683ae359d3d35d9fcdaca22f
SHA256 78dd0ec8b7be658a83a915b0eba9e3d625ac16c484cd01d76359980f3176350a
SHA512 03e8667fc3b2e98f7cb964d68956655010ba2a68c339e24fdaf379c67cd05d3b6085951a6e43db22f3b1bf8bc1635a218f7cb93db775ef0b9d5e85bf78a4431b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2312_DRAMGIGRZRNWPBEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_1344_PUWMDCEWUYNJTHBG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1780_GVSWBSVRLOAGZMSZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1020_LWMAHOLVREDHTUKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1544_PAEMBHUAFGFZFKXC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1832_GYKPIBYWGNWQFEZN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3780_XGECQUQSTPBCXIVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5048_JFUYMWBAKMZDWKVJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4640_DAAVGXTQNXTUSAML

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ebe8fc46-9c9e-4399-b894-15eecd6422d8.tmp

MD5 9253d5ddd444757d221247f1702dda23
SHA1 3bc076cd6acc89ed18f2a95718e7a25f3f4a2a25
SHA256 9eafb4360c7d2b1b69900d128a5474689d02073d26e107d266f078f100a52b50
SHA512 ee3a29046340ecc0549d7b809f8669be54de26b0ab66d17c3a246a21db1ff0c6468208cc5336961ba4d4004bcb9254afd9e0400deeadfd5fcddc663d30930572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\79d715b1-2b4a-45e1-ac36-89177f83f00c.tmp

MD5 bbea164e10b8265776c17ceebcd8ad4f
SHA1 346cb47c3eccf44feccd4b44c548aefeb6c958ee
SHA256 d88a2017a93e7812d354d2b344849ec416ed8b7bf748e853cd0a25e203dc2d37
SHA512 7b228ed467b79c19991c62acb7ef25af8e0f26bc8ea606fd257eacc92b79b6a3cf73a256688f78b2b41982e1c946a097f77c9219ca3335cf8f6f47767b725b3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 998e9a95886cf9a57fb0a4f61396440f
SHA1 b0463fc608b6285008a8216f2aaf9610fd6ea794
SHA256 7286d15ff1d57a596551c006fb834ef4279bc0054cee3c8c8cf3a648e8977b80
SHA512 8faa8a94f7e8fe2f4a6fe80e86cc9cc7a3c62ed693bef50e122818ba2c0f41a1114dad70dfcd671f4141f591b6ef9bc43655f3fdb8ef9e21e7489e479fe82b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ce06e619-6bae-4a62-98ac-0b68618fbdd4.tmp

MD5 7aa0fcf029bb0cefc028987f51d4a4e1
SHA1 bd25e47cc612f6e0af9d6c0a957a4d1f34086b7b
SHA256 08c26d79437c5a11f824844dcebc849c4a55477a03a52dbe2d1a467fe68d9a33
SHA512 2dd4158beb73f881fe3179e693f54af182da23ecf6da1d216b39c969ad6c34a02a0bda95dad21b48df6e8ce67c6980e25c381bec684a6319ca0f5125767e78bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0f5d5aad-1c9d-4788-863f-308be3655f92.tmp

MD5 c3f811ac76022f0bc9bb51d5496ec5f4
SHA1 57b814c88cb348a5bf1d697178f87fb8271e0fb7
SHA256 85b5bf7a70eaca7d669546d75332ff01b26004c3727471ea350eefbfe3736b43
SHA512 fb856745eaba3685b7d20d88bed9547a726745dd2940f37fbdfd289b77827fcee5533b85965daa89c7d3e21845525954976a0308cb85ee0832d9666c504a0982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f27495d955057ca33f430176335e1cee
SHA1 b137c4c2174ff948cd2d076fc15dc769e6066a1b
SHA256 bc96c344d2ad84c64544812de6be73e0c49f09252903488eecac0f282f60ac71
SHA512 3d4570379d9b00ff02a8940b4880cc58f078408e2662e24c86059017124394e00fa85a132ff46261285f97f4f873ae42d08cf1164e4e41eb7996d9849ae66279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 998e9a95886cf9a57fb0a4f61396440f
SHA1 b0463fc608b6285008a8216f2aaf9610fd6ea794
SHA256 7286d15ff1d57a596551c006fb834ef4279bc0054cee3c8c8cf3a648e8977b80
SHA512 8faa8a94f7e8fe2f4a6fe80e86cc9cc7a3c62ed693bef50e122818ba2c0f41a1114dad70dfcd671f4141f591b6ef9bc43655f3fdb8ef9e21e7489e479fe82b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\335b1b33-2659-4faf-9182-a1dded4ad471.tmp

MD5 78fd07c439e540632eef28b62a6e0883
SHA1 72d70fd204646cb36ec7be1f0b24406afc8c894b
SHA256 64dbb3431c1d58b756c10f91fe7ad1d2268e4717c7c7f56ad37a1d0f04a76e9c
SHA512 21f0dea7ca8f309da327841bafba2b3fced568736fe2cd0e7a9f21e1aa7a3f1a45c523b02aa9fb0006c9c50ef9d2f1372477c02745e6e8b21af6e13d9e4505a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d07494402838ab5b548f476b6f615b34
SHA1 b3028e6ccf71a2d27585dc8fa7267ad3126ad721
SHA256 0f74d0f649e087c1010de40372c20a11f0dc76d86677b99217ebe206dcd3fd51
SHA512 cc8c00cad8602d644649bc8e510228bab7e92fdd7805a2692b04c4f066df4f455b684ad229e6b08a44600e6d4b4eb12458347d1f4ec1dd3f2fea4ed266a226b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9253d5ddd444757d221247f1702dda23
SHA1 3bc076cd6acc89ed18f2a95718e7a25f3f4a2a25
SHA256 9eafb4360c7d2b1b69900d128a5474689d02073d26e107d266f078f100a52b50
SHA512 ee3a29046340ecc0549d7b809f8669be54de26b0ab66d17c3a246a21db1ff0c6468208cc5336961ba4d4004bcb9254afd9e0400deeadfd5fcddc663d30930572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bbea164e10b8265776c17ceebcd8ad4f
SHA1 346cb47c3eccf44feccd4b44c548aefeb6c958ee
SHA256 d88a2017a93e7812d354d2b344849ec416ed8b7bf748e853cd0a25e203dc2d37
SHA512 7b228ed467b79c19991c62acb7ef25af8e0f26bc8ea606fd257eacc92b79b6a3cf73a256688f78b2b41982e1c946a097f77c9219ca3335cf8f6f47767b725b3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f27495d955057ca33f430176335e1cee
SHA1 b137c4c2174ff948cd2d076fc15dc769e6066a1b
SHA256 bc96c344d2ad84c64544812de6be73e0c49f09252903488eecac0f282f60ac71
SHA512 3d4570379d9b00ff02a8940b4880cc58f078408e2662e24c86059017124394e00fa85a132ff46261285f97f4f873ae42d08cf1164e4e41eb7996d9849ae66279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78fd07c439e540632eef28b62a6e0883
SHA1 72d70fd204646cb36ec7be1f0b24406afc8c894b
SHA256 64dbb3431c1d58b756c10f91fe7ad1d2268e4717c7c7f56ad37a1d0f04a76e9c
SHA512 21f0dea7ca8f309da327841bafba2b3fced568736fe2cd0e7a9f21e1aa7a3f1a45c523b02aa9fb0006c9c50ef9d2f1372477c02745e6e8b21af6e13d9e4505a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3f811ac76022f0bc9bb51d5496ec5f4
SHA1 57b814c88cb348a5bf1d697178f87fb8271e0fb7
SHA256 85b5bf7a70eaca7d669546d75332ff01b26004c3727471ea350eefbfe3736b43
SHA512 fb856745eaba3685b7d20d88bed9547a726745dd2940f37fbdfd289b77827fcee5533b85965daa89c7d3e21845525954976a0308cb85ee0832d9666c504a0982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2d5008e0-ed8b-4e79-9b4a-496e8d7a9a85.tmp

MD5 74df0c1b63ea30efd63e54c1025f3dbb
SHA1 b99f842b9b5ea20744e72d292d0b8c12f600ed0f
SHA256 33067ec3006a56b9d1d59bc1f3945215b6897335e163be83e77d0aa3151ddbac
SHA512 8280544dd0bfd4ddebc211e3d0039b5da198c433b64240922fdcd3eca47bce489e12af385483dcac62f43fff49f7fd255c4081084dfc6b3d9845c7e360c04d08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7aa0fcf029bb0cefc028987f51d4a4e1
SHA1 bd25e47cc612f6e0af9d6c0a957a4d1f34086b7b
SHA256 08c26d79437c5a11f824844dcebc849c4a55477a03a52dbe2d1a467fe68d9a33
SHA512 2dd4158beb73f881fe3179e693f54af182da23ecf6da1d216b39c969ad6c34a02a0bda95dad21b48df6e8ce67c6980e25c381bec684a6319ca0f5125767e78bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78fd07c439e540632eef28b62a6e0883
SHA1 72d70fd204646cb36ec7be1f0b24406afc8c894b
SHA256 64dbb3431c1d58b756c10f91fe7ad1d2268e4717c7c7f56ad37a1d0f04a76e9c
SHA512 21f0dea7ca8f309da327841bafba2b3fced568736fe2cd0e7a9f21e1aa7a3f1a45c523b02aa9fb0006c9c50ef9d2f1372477c02745e6e8b21af6e13d9e4505a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74df0c1b63ea30efd63e54c1025f3dbb
SHA1 b99f842b9b5ea20744e72d292d0b8c12f600ed0f
SHA256 33067ec3006a56b9d1d59bc1f3945215b6897335e163be83e77d0aa3151ddbac
SHA512 8280544dd0bfd4ddebc211e3d0039b5da198c433b64240922fdcd3eca47bce489e12af385483dcac62f43fff49f7fd255c4081084dfc6b3d9845c7e360c04d08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a6eac260-f561-4d9a-9fe6-cef0448d92e2.tmp

MD5 d07494402838ab5b548f476b6f615b34
SHA1 b3028e6ccf71a2d27585dc8fa7267ad3126ad721
SHA256 0f74d0f649e087c1010de40372c20a11f0dc76d86677b99217ebe206dcd3fd51
SHA512 cc8c00cad8602d644649bc8e510228bab7e92fdd7805a2692b04c4f066df4f455b684ad229e6b08a44600e6d4b4eb12458347d1f4ec1dd3f2fea4ed266a226b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b82105d81831dcf6afa96a72a7d2bd6
SHA1 730b6fc41cffb31c9f3bfd0b6f1f81b38dfa4cdb
SHA256 d21c893abc38c9d8ae2cfe39432b77c5f42a20de86a4fddd541b141f00ef802d
SHA512 a7eb5619603828c5753387af4c32d890b92d3b37c3b4ff616c13c3a1679f7b46d60fa4fcd015c7453c1bb4c5e37d47db23bbf0a4b1562b5fded00c87173167bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f101d112b02cda25bb21fff66f18dfd
SHA1 7685f6a3f143274740ae16aeee9e70e84625e889
SHA256 160116291054ee4d20277ded7f263e78af8279dd424277ffbfe9b5e55658d1a6
SHA512 f2f4d4d6f876e9a7c897ad1f7623580e2522b1b3ca342c42572fcd6e8f230a64e14404eac04ec88453eab00b41e07806cd087dec6ca51980a17561e6d28f8ab4

memory/8496-372-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8496-373-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8496-375-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8496-377-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bed76665bee9f64d0237766900aa3113
SHA1 e8066e10293b854a9172aa0a61e9372ff254c945
SHA256 b5256dc7df051a5cff254d11e2ac2b1f0d3fd09c3428fd62ea5bf577a75f4d8c
SHA512 d9146768b6f48d63ee202dbd02514b766abe5450eeff77014d6d2cd33a7df61e3bc19bf70a0a56b820221c12cd0a9a19b50e1a01c1f9bb41930cc29028846292

memory/8388-430-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14f1cf86c66d804c84b23b595111ea69
SHA1 5d4169b70cfd9a18c285f701e892357ffa9958d6
SHA256 0294485312fe859d4a94350edc702e58dd7325e41167c24ffe29b17963f92f87
SHA512 f036b20f3b0b5b646d49bdd9662346b61997ceb894ed676424963c5315f78212a29e1e7bd6f6abb3bc7d80984bb6b15bb49af731ce651f07a7f12801b43a986c

memory/8388-547-0x0000000073EF0000-0x00000000746A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4b1d88094ec2c94dc4bcb50139c1123
SHA1 e26af4185d0ae962b4d408100bd1d213eef481fa
SHA256 d2ba5f4fbd8c699b51c6b3670c8f07496d8ab450ca4942f9c3e4747386764d55
SHA512 95e6603d91abc64abdd52df689d6b7daca0346b255bfad592bb087fc4345d06e8d6782761869c5084834e299908ad24490c9f59829c1ce18e710fd64de3cccb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ff9.TMP

MD5 0a1d8a9d75133d53625444db0c4cc63c
SHA1 c1a16107b17c3876e88c69f79317777842ce3f23
SHA256 738b20dbd92bcedf67f07da0bfc8453f4e137431f0f3435f871f0a85c0bf78b1
SHA512 166c0ac562c1c4788a70a026c74bd039dbffa59d639d11cf389782b29209db5cc887ff91d2e7803cfa071d559af145881ad7f07b883bc1918f95f5bc65f8e609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/8000-578-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8000-579-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8000-580-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8000-582-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c69458ba9bbcb5d18b09856d8c96d77a
SHA1 2ba6c2e1fb5d12910b9285b6fdb673de7368d1a5
SHA256 e013de293afd4659133e47d5f74aebb65038497b8abf7bd3564ad197677b67e5
SHA512 3159f70c34ef29e7f494f0565d1b540270bb3d0abdaa2946cf3c63a3a912b7058d6577cfbb66fde8ee5d5e6f3cd8840da476d3a6025106966f5fa731ef2ee7a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/8388-697-0x0000000007990000-0x0000000007F34000-memory.dmp

memory/8388-713-0x00000000074C0000-0x0000000007552000-memory.dmp

memory/8388-734-0x0000000007630000-0x0000000007640000-memory.dmp

memory/8388-756-0x00000000075B0000-0x00000000075BA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 08453e94d2d973042aeaa5e240c0e897
SHA1 895f3259a11afc4d4f8c284dd208dfdc60c79d1f
SHA256 04a12dc0520068e76f122ef664388184e2ba08e611ed551ddcdb32412c5c40b8
SHA512 bebbccce4baa541315b44e4042c6eed9be1bdaa7c7ac44d1e5bde75a1eb8d63dd818d3f6183142460ec394ec91873fd1dc6144446fc39a49c98d1027d0fa0101

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58bac0.TMP

MD5 02df0f14aad51d4a7562cadd44ecf64e
SHA1 23f21b208c138d954bfde3e081a7a0a472e50275
SHA256 3a1d4f5b78bd4ec1029cd68177d06db64b50ebf895898bf57aa535e8b922113c
SHA512 f3446fe6f34999c4c7568319f20af1103b888bb4f6f8dc58ccf42920d2e08f9ab64d3e4d61354b0613ca571fdc355097839bf5995f25550bceb650fc08853538

memory/8388-803-0x0000000008560000-0x0000000008B78000-memory.dmp

memory/8388-804-0x0000000007F40000-0x000000000804A000-memory.dmp

memory/8388-805-0x0000000007780000-0x0000000007792000-memory.dmp

memory/8388-806-0x0000000007800000-0x000000000783C000-memory.dmp

memory/8388-812-0x0000000007840000-0x000000000788C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f78052943352f5e8cdcdf5db9d2fda4
SHA1 0055be85af6e56d94f54d11551c2aae5d289d510
SHA256 ca8cf0665731f86f629d8a29ca75c9033ab7777c4d2c5c25c8556586b9761f55
SHA512 f765866ea69b8734876e44f0fdc18d8f2f13f67f39a38ade5efd7c7c3a66c6b58748ac8b7a7ba9bd28eff5628fb37ebfbf596f1493146d550f471f8a21b55fa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f5ac66e9a646e01427b8b1c78722b8ab
SHA1 49cb8eafc8e12e4f3c7bc891e05108e9ab73eb3a
SHA256 3660bfff9feada50fd841ac7cfff30059f4d3cd8c0a5c3694d85bab39d05b848
SHA512 dc7c7a1b05c5c084c7e4b8791ce186f56e90aeff6d47ea8c755f5497e456eaf78afa8160ed851af77135ea41495f7979cd2c664e6084f7a39308b66a422c3e2b

memory/8388-917-0x0000000073EF0000-0x00000000746A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/8388-1026-0x0000000007630000-0x0000000007640000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\6e9d5ecf-5b92-4c1a-b84d-418c3edffc42\index-dir\the-real-index

MD5 00ebba017b3492fd0776b401211aa064
SHA1 152c034b297654816affc2c75b296f38a81f58a9
SHA256 7b1c2e2ac27137b7b178aa485d5f69861104ca6a71305a0edc82fa0fce08fb67
SHA512 3f99c396dc102924a61c088725b3d6f22ef660b75c484573e25eb1712d3e68d19d9a90a48bc1a15f9dab2ecc19c7103d18c86f7883be1e247388506473683a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ee51e35246693ee8d5e8611c39fc45f9
SHA1 38a26647e30b1396a268190fce93549a2c7611dd
SHA256 cc8de884260c1e871c3ca68da6c4db96fd83d1099a7c0445145e9ee072240eda
SHA512 5b56f849ee1ba432f8289e3528f3f710177ddd9a7e0a45ecc6fe9f3f0e91d001a6cb3b0aa563295f102f1423919589adb4b2e3ac1705983365e5e85d01562998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5918ce.TMP

MD5 023b441fdf475e5978e943bdc68ddb5e
SHA1 8d797a8d8d350f15767f5adde6cfec1bf46d8c0c
SHA256 9d406cb5f517432ecbc6639f810e6799234f73ad4a7c540af07858e40b37f0bb
SHA512 1c724112940cdced74e7852ca2972c4ed230a694901f8b3f9fed2c81beb1c30663d76930faf06d0ca4578c63c3a9fdc4c7510147d58f5bfad951d5929472d51e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\6e9d5ecf-5b92-4c1a-b84d-418c3edffc42\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21197596-9779-4bb0-8fb0-4d4a6763d312\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe596865.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a34d0884-420f-4c19-84d4-b4ef68ff1014\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
