Malware Analysis Report

2024-12-08 01:23

Sample ID 231111-mekb9sed35
Target 6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747
SHA256 6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747

Threat Level: Known bad

The file 6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

Detect Mystic stealer payload

RedLine payload

RedLine

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:22

Reported

2023-11-11 10:25

Platform

win10v2004-20231020-en

Max time kernel

135s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4244 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 4244 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 4244 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe
PID 3184 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 3184 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 3184 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe
PID 3564 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 3564 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 3564 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe
PID 4288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1672 wrote to memory of 492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1672 wrote to memory of 492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3492 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3492 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4580 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4580 wrote to memory of 3808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1040 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1040 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4288 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3956 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3956 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1568 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe

"C:\Users\Admin\AppData\Local\Temp\6f5029869984f774932ee5eec105cec8daeeb1f5c6411a8089c8dcb0e9ab7747.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9825505888670219495,15684199987457380685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9825505888670219495,15684199987457380685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffac52b46f8,0x7ffac52b4708,0x7ffac52b4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,17275533051176971698,960694192243487219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,17275533051176971698,960694192243487219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7629678750511171295,11816150116484680554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7629678750511171295,11816150116484680554,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5749595084151847093,8734088607721055637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5749595084151847093,8734088607721055637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15700031860129840572,11261544242419154123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15685361567187197281,16867050320522864646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1421174090696071586,2748660591752189757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3738378763843155397,16463158777962674722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3738378763843155397,16463158777962674722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec 0x3d0

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 7804 -ip 7804

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ep35OE.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ep35OE.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6rW887.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6rW887.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15142015271788940204,6756149690844450917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 52.3.21.238:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 238.21.3.52.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
NL 142.250.179.182:443 i.ytimg.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 i3.ytimg.com udp
GB 216.58.208.110:443 i3.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 youtube.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 23.72.252.163:80 apps.identrust.com tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-5hne6n6e.googlevideo.com udp
NL 172.217.132.231:443 rr2---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.231:443 rr2---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.231:443 rr2---sn-5hne6n6e.googlevideo.com udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 231.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
NL 23.72.252.171:443 apps.identrust.com tcp
NL 23.72.252.171:443 apps.identrust.com tcp
NL 23.72.252.171:443 apps.identrust.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 sentry.io udp
US 172.67.209.38:80 killredls.pw tcp
US 35.186.247.156:443 sentry.io tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 rr2---sn-5hne6nsk.googlevideo.com udp
NL 172.217.132.39:443 rr2---sn-5hne6nsk.googlevideo.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 39.132.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
NL 172.217.132.231:443 rr2---sn-5hne6n6e.googlevideo.com udp
NL 142.250.179.141:443 accounts.google.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
NL 172.217.132.39:443 rr2---sn-5hne6nsk.googlevideo.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

MD5 c3cae981698ca72e7dc12eb19510d3e0
SHA1 df3435edee3e2c5af567efde58bc7f741059df53
SHA256 2e8cfeb7beb991d986bebc7eb5f0d5605fbf6fed8bfbd6a8dc3be4b0982f2197
SHA512 e693f1ac184bdaa43815cafe9635165dbdeece8226c7025426671fab99ed863fc9f920d18aa0310f1f8becf9a8cb98e3aa4ad3247ba4f9c665bd37151fb13ecb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SI1mP78.exe

MD5 c3cae981698ca72e7dc12eb19510d3e0
SHA1 df3435edee3e2c5af567efde58bc7f741059df53
SHA256 2e8cfeb7beb991d986bebc7eb5f0d5605fbf6fed8bfbd6a8dc3be4b0982f2197
SHA512 e693f1ac184bdaa43815cafe9635165dbdeece8226c7025426671fab99ed863fc9f920d18aa0310f1f8becf9a8cb98e3aa4ad3247ba4f9c665bd37151fb13ecb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

MD5 32dce182412855c8ec365681dfa0031f
SHA1 a4e9646135d5e23d264a2494688efd7a4682063c
SHA256 0050a09abc512245e5a350322d315181709ec311b385fd47564845e75193df29
SHA512 a29fca2c9b9f77d5a27fc7554e35283fc59ccfb3d05ba64bfcd2b9cf7714404a866777b101de5ab8485956b0d4765971bd6c5cd4bf369bc805c82f6ef926c6f5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lv4BV41.exe

MD5 32dce182412855c8ec365681dfa0031f
SHA1 a4e9646135d5e23d264a2494688efd7a4682063c
SHA256 0050a09abc512245e5a350322d315181709ec311b385fd47564845e75193df29
SHA512 a29fca2c9b9f77d5a27fc7554e35283fc59ccfb3d05ba64bfcd2b9cf7714404a866777b101de5ab8485956b0d4765971bd6c5cd4bf369bc805c82f6ef926c6f5

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

MD5 4278f00a606bbe96b657c0fe08832c67
SHA1 799bd18af64bc730d9c28539e72c4006958316aa
SHA256 d267adbd29d335e178dd8eec1855f2e3b8636711f56ed8fd957a7fba5fc2630a
SHA512 ddfb5cc0ac744ca8e32578958edb9aecdb99325e0a91deedb1cde892f7ad12807c76a5acb2a2180af0c7382107520dadc118e8cdb6749db797420a43f69a9944

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3LI851YN.exe

MD5 4278f00a606bbe96b657c0fe08832c67
SHA1 799bd18af64bc730d9c28539e72c4006958316aa
SHA256 d267adbd29d335e178dd8eec1855f2e3b8636711f56ed8fd957a7fba5fc2630a
SHA512 ddfb5cc0ac744ca8e32578958edb9aecdb99325e0a91deedb1cde892f7ad12807c76a5acb2a2180af0c7382107520dadc118e8cdb6749db797420a43f69a9944

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1568_SQZXXTVOBTLNVVMR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1672_NWNZNDZKGOGHNZSY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4580_NFSXKHIDSYACMSZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_464_KOGBQLHTPPYETHZK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3492_AQXOGESPIBLVYSRO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8751774cc1816231903bb38f463d118
SHA1 bab5a59302f8e291430ea47be285f271f2e37304
SHA256 f401ae3cfd1932517d6f81d7fd6f41612c70a72d59ae4018416ef945059de6da
SHA512 5ad067b81fc576bcf2c61545911ad5d94c04ada43c6e53b1c6db3cfe077fde8f9a1af7c64d00dded3526bd6625e91244a847c6ccc1300481a0cf72b6fd89da0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3692032fdb8a9c8916794693bb0edaab
SHA1 8c5fe9026ebcd90ec761e168e098064f4c87f77d
SHA256 7fb74bd1555deb02f93286348fdbcb0362b69b0fbdfac769d4fbf2eec5058716
SHA512 51f7d73df6ceb0c3f7dd8ec2c7ff9272f3a527959d48dc7321f87afaad1ac200c06472fd29a8ff08e7bc44cda28bd6ccc79e8c450460059bcd1001230720146b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d144a2afb39cc4c57d23b4fba9c2c759
SHA1 12c4f9c1377894b975b1c1ed6744b077d0cca941
SHA256 69213fa371a1da7f2063ccaa209ed52de3eac38a396c1a091706fbc1870ba8a8
SHA512 21a18907683555e1a912a63028bad145488aeaab242b7aba4b8bd2ecf7b4b89be4b7172c84b382ec15b89717d1773f0c139dae4b8a4f4e6cefb67a5550242620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3692032fdb8a9c8916794693bb0edaab
SHA1 8c5fe9026ebcd90ec761e168e098064f4c87f77d
SHA256 7fb74bd1555deb02f93286348fdbcb0362b69b0fbdfac769d4fbf2eec5058716
SHA512 51f7d73df6ceb0c3f7dd8ec2c7ff9272f3a527959d48dc7321f87afaad1ac200c06472fd29a8ff08e7bc44cda28bd6ccc79e8c450460059bcd1001230720146b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a5352f369da1b760c6df7373797fcde
SHA1 9dd153f90a3ad7b7a79d7dda769000c9484f98a0
SHA256 f461a1025e5991d0cfe6c87cb4760073e12f27e08825e96547c6a1abd7c71ee1
SHA512 5be02ad27e6844146ddbf11e6c4761842957a466ab7a084317b21dd3ae082550add00da054eda2e03a2dfa279ee0915d50de1c9a57e30b9f77c6497a694fd87e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f732011c5cc08d9241dc896d618009e
SHA1 b2878ff4dd912e35fd08d112b1ee6bb35099a25b
SHA256 9813783ab9f0aba6d611ee554cb87d4f801b09d6ec1fb90c626c1b746a20b420
SHA512 ff52f1ed97b6ab72f95ffc199585857289a5765f49e99182a83ba8dd6c1d3e3b207a65238b66b047535c5cab26ef16324ea9d893f233c6911e90b2a818a3ff98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

MD5 c2ebcf8610690c5bd9af9694d317d6d0
SHA1 f4f27f46421bba81242c2b88453cf91c60d92cb3
SHA256 d889d484a3840a7eb92f3147edc2b655e39d0f4b8aeb2faf418f86bdc986deb4
SHA512 7aeebded40804c68889d19319a56edb710e976d7f2b48484693db321681d19f7f4c3356948810089390592ec4c88355940b2a2a46b3bd9d6be2c0243c7f2a6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f732011c5cc08d9241dc896d618009e
SHA1 b2878ff4dd912e35fd08d112b1ee6bb35099a25b
SHA256 9813783ab9f0aba6d611ee554cb87d4f801b09d6ec1fb90c626c1b746a20b420
SHA512 ff52f1ed97b6ab72f95ffc199585857289a5765f49e99182a83ba8dd6c1d3e3b207a65238b66b047535c5cab26ef16324ea9d893f233c6911e90b2a818a3ff98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a42e136231228070ef5e9d86fcca7297
SHA1 acd6701bb34b7364429e839f5f53fa8108ed1678
SHA256 7eee7a74ad577637c144634be0707608433a36700d5cbd392f08f224c9566f3d
SHA512 b1d7fd1e327fe88a39eac9a11c9bce39de213c2805166fd709ee0f7c3af56732a038ec3b86a7be66beefd279be3332d823041547a77fc3ea00757d638c198f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a42e136231228070ef5e9d86fcca7297
SHA1 acd6701bb34b7364429e839f5f53fa8108ed1678
SHA256 7eee7a74ad577637c144634be0707608433a36700d5cbd392f08f224c9566f3d
SHA512 b1d7fd1e327fe88a39eac9a11c9bce39de213c2805166fd709ee0f7c3af56732a038ec3b86a7be66beefd279be3332d823041547a77fc3ea00757d638c198f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\518c627d-af29-4e80-8a7a-eafc2e13cfac.tmp

MD5 2a5352f369da1b760c6df7373797fcde
SHA1 9dd153f90a3ad7b7a79d7dda769000c9484f98a0
SHA256 f461a1025e5991d0cfe6c87cb4760073e12f27e08825e96547c6a1abd7c71ee1
SHA512 5be02ad27e6844146ddbf11e6c4761842957a466ab7a084317b21dd3ae082550add00da054eda2e03a2dfa279ee0915d50de1c9a57e30b9f77c6497a694fd87e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8751774cc1816231903bb38f463d118
SHA1 bab5a59302f8e291430ea47be285f271f2e37304
SHA256 f401ae3cfd1932517d6f81d7fd6f41612c70a72d59ae4018416ef945059de6da
SHA512 5ad067b81fc576bcf2c61545911ad5d94c04ada43c6e53b1c6db3cfe077fde8f9a1af7c64d00dded3526bd6625e91244a847c6ccc1300481a0cf72b6fd89da0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\63c8aeb4-b0d6-4bf1-8dad-63fae666178c.tmp

MD5 b14bf818579c3e4b3318ec813a69fc5a
SHA1 d3ab499d102059cac4f9febaad05e513d217e3ae
SHA256 452837ec9f5619792da755d695d46c7ed14e155e664514499c9e5787391766fd
SHA512 e4a65522eb6d1e23ea48ec452f7e9c9bfa78c7f8875db4dc6168d8f8552913021c3171d4c5268d6ef2f26a8cce59727cb65c6cbda027d7c7599a445797c77049

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4FB3AO4.exe

MD5 c2ebcf8610690c5bd9af9694d317d6d0
SHA1 f4f27f46421bba81242c2b88453cf91c60d92cb3
SHA256 d889d484a3840a7eb92f3147edc2b655e39d0f4b8aeb2faf418f86bdc986deb4
SHA512 7aeebded40804c68889d19319a56edb710e976d7f2b48484693db321681d19f7f4c3356948810089390592ec4c88355940b2a2a46b3bd9d6be2c0243c7f2a6e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d144a2afb39cc4c57d23b4fba9c2c759
SHA1 12c4f9c1377894b975b1c1ed6744b077d0cca941
SHA256 69213fa371a1da7f2063ccaa209ed52de3eac38a396c1a091706fbc1870ba8a8
SHA512 21a18907683555e1a912a63028bad145488aeaab242b7aba4b8bd2ecf7b4b89be4b7172c84b382ec15b89717d1773f0c139dae4b8a4f4e6cefb67a5550242620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 68d283f33f872dee8377f5408ae0b3b5
SHA1 e6ba9556746db25b1816e27192f825a49139fe93
SHA256 2abd06d9f0c78e7c48abe5a7f7e114a2bb6d24d8373c0f4b5b0a2c947ccd984f
SHA512 fd5b0ec6d31b705d67ce30635170db9b9e6a8bd20c6402b6dd4890808e2a06988d9140e515fba383baf03178abab8ab4f586e09c8c1757c755d498d281ee8bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b14bf818579c3e4b3318ec813a69fc5a
SHA1 d3ab499d102059cac4f9febaad05e513d217e3ae
SHA256 452837ec9f5619792da755d695d46c7ed14e155e664514499c9e5787391766fd
SHA512 e4a65522eb6d1e23ea48ec452f7e9c9bfa78c7f8875db4dc6168d8f8552913021c3171d4c5268d6ef2f26a8cce59727cb65c6cbda027d7c7599a445797c77049

\??\pipe\LOCAL\crashpad_3956_IVLHGWWXIPFTUPGW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 68d283f33f872dee8377f5408ae0b3b5
SHA1 e6ba9556746db25b1816e27192f825a49139fe93
SHA256 2abd06d9f0c78e7c48abe5a7f7e114a2bb6d24d8373c0f4b5b0a2c947ccd984f
SHA512 fd5b0ec6d31b705d67ce30635170db9b9e6a8bd20c6402b6dd4890808e2a06988d9140e515fba383baf03178abab8ab4f586e09c8c1757c755d498d281ee8bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a5352f369da1b760c6df7373797fcde
SHA1 9dd153f90a3ad7b7a79d7dda769000c9484f98a0
SHA256 f461a1025e5991d0cfe6c87cb4760073e12f27e08825e96547c6a1abd7c71ee1
SHA512 5be02ad27e6844146ddbf11e6c4761842957a466ab7a084317b21dd3ae082550add00da054eda2e03a2dfa279ee0915d50de1c9a57e30b9f77c6497a694fd87e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a42e136231228070ef5e9d86fcca7297
SHA1 acd6701bb34b7364429e839f5f53fa8108ed1678
SHA256 7eee7a74ad577637c144634be0707608433a36700d5cbd392f08f224c9566f3d
SHA512 b1d7fd1e327fe88a39eac9a11c9bce39de213c2805166fd709ee0f7c3af56732a038ec3b86a7be66beefd279be3332d823041547a77fc3ea00757d638c198f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8751774cc1816231903bb38f463d118
SHA1 bab5a59302f8e291430ea47be285f271f2e37304
SHA256 f401ae3cfd1932517d6f81d7fd6f41612c70a72d59ae4018416ef945059de6da
SHA512 5ad067b81fc576bcf2c61545911ad5d94c04ada43c6e53b1c6db3cfe077fde8f9a1af7c64d00dded3526bd6625e91244a847c6ccc1300481a0cf72b6fd89da0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abdc106dae31b776db7dea38ed1f1197
SHA1 d878f2355a5317bc33820d395428d6be7dd1631f
SHA256 63d36efe0eeda7d651fed3045acbac35f97aa60bdaeabe5310371535be1ceec9
SHA512 87cee7ed681ae781053a84adf33b105718f30672cdbca00be9942c45a032bd1d00cb937b8c4c3e1edef73d37d9ae302db6bcfd615ba01cc806b37e9b4e4cc6eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7e1e073710ab8cf10b52e472b6ceee4c
SHA1 04eb7fd480e7c6af0338a4fcefaa32ae84ecec61
SHA256 5321bdb4c5d7fac721134dc54a3a5d2b756d6bffc5a63e165627619e6be5a1e1
SHA512 72bd5d6e36ca090568aaba71b663845f09225de5c2f834d9ebb3ce2e76709aaa62f7aa5b9bb86c0ed88f14e67875c6a0f41633ca6c9a7540e8051b99cc5c1d54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1ecd1199376f5a2ff61ae3742251ab0e
SHA1 8ff7afde294c9a099bffaa094c8d84b24589315a
SHA256 af63f5347a5e5bb1a89dd044debde6bf8f665d9af0331079038bcffe343fc548
SHA512 16caa7c43570b00d8d2dedcd9dfe1a756347f2567a21e5f797764a56ca9dcdafb8eb04e7c56bbe6fb2630b65d9aec1a4d2282f54d6551653a68f226eb6e351f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 26dfa26fb82428ffebae5db8d766bf2c
SHA1 e043cbbe559fd194f83bc547c9fa2574b1d5792c
SHA256 0804c382a0597b2f8874c545cd26d67868aa4ac50efe11a6b86a1cfb721e4aba
SHA512 5c1bab434089e94766a83ebd34a0184cc7bf7fc5fe911fc3b59c4e8091e2f67146b12afbec7135966972ff2e10a5c95fa585a3c732ffbfeca45f688c87b613a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae8103ba001ac88749ae82b73df3b7f1
SHA1 acfd7eb8f4c2812455c449f9541d1f74f5c9c3a5
SHA256 c10c9d030b2f004b43f723412fcfcb53eeb77bc85e23a1aa3364511a08829021
SHA512 ef573639a2c4381908e5ad7abb05ce4f13d9a6726f76f9d71404d0ed3c6aa5e47d94a8914f4b3c8e9046a6554bb7435f2be5c8fbe0e4c7115a84cda5f65e3874

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 388a560323cbed2d6ba1a75ab92f1a06
SHA1 55d2ea30f7f4873fc7c67642ae1220383189abcd
SHA256 20b1a0730c53435fa5dd0dea5588865d2f7cdda8d5166cbc5186ca4def3e1b21
SHA512 bde6dc915832be7c8cb763dd0d6ed2f517f2391317c1b0d38c458341433378b317e7b3154b557819bc2ab4a2ff0b4016d617044ab66fffd1fc61168db3cf68af

memory/7804-494-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7804-508-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7804-520-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7804-534-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38a63468aa4adc12769946e66b57a669
SHA1 d0e48809084a349d0c6af13eb83a0948b41c7e91
SHA256 81adae4cbc49f30e6278e177a4e35821a4f84834227c76554565832c81169910
SHA512 d340094af089a3393aea220ba78e4efa6666558fc06d5197cde9d4243c04f1c102b215d6e291e0aba1af3aff11b487d83e784389b600749c97e34149544d2175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/1824-724-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1824-726-0x0000000074530000-0x0000000074CE0000-memory.dmp

memory/1824-727-0x0000000007F40000-0x00000000084E4000-memory.dmp

memory/1824-728-0x0000000007A30000-0x0000000007AC2000-memory.dmp

memory/1824-734-0x0000000007CA0000-0x0000000007CB0000-memory.dmp

memory/1824-741-0x0000000007A00000-0x0000000007A0A000-memory.dmp

memory/1824-750-0x0000000008B10000-0x0000000009128000-memory.dmp

memory/1824-751-0x0000000007DC0000-0x0000000007ECA000-memory.dmp

memory/1824-752-0x0000000007C60000-0x0000000007C72000-memory.dmp

memory/1824-753-0x0000000007CF0000-0x0000000007D2C000-memory.dmp

memory/1824-758-0x0000000007D30000-0x0000000007D7C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 642ff7b042b45159f7290b375badab07
SHA1 560e5c7d6c86bd2e9c7ea07df86247044c3a6a87
SHA256 4b679905e2281a5033f8c2bf13ae3b6df7e6c7c0f01553c62725d4b10817aa81
SHA512 919d47c930cb9e82f1517bcb3c69da1bc562daba3ff96d8d6022866469d80e25e4668362f7725ec6242e95862a6d6905fbcefbd30dcc2852dfa93809c8bf49b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a47.TMP

MD5 2d69d56c4a73ab2a65a8f79de2ef7695
SHA1 38974af1f3ba775a3b3d004e2af7409e4f6e9313
SHA256 4a3d709054e63a3084d2ff7f5d8fcc95461a3e684608a1008096738e0d6c3da2
SHA512 76e983afa6b2fcc15910b0ea4f44a68bdf222f16eef7dd9a79e1885810a417892e9af061d95de0039638e00ee0c3cfd12b42929a019dd6f48c4211fc2b6f5207

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b61bfa8133e707ab3ba2da9cab782731
SHA1 aa8ffebb33279f0838ea37984bc7e9a14779326d
SHA256 b8716fe9b722aa7785144a2ee31f00af1f2800d128f5764d8f70b82403123f41
SHA512 cc3b094ecfb04ca3746155b20689002bd3067bb51775f673bc6548504783d6934871bfba00282ecc702bd964add1b45e59dcfb16fa3675d3cd028046aeae32c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e523c6ea-a195-4e5a-9aaf-659b291498cc\index-dir\the-real-index~RFe583b20.TMP

MD5 dd62643000bf23072abac3f8c398cdfb
SHA1 43132caf1a29d2ac65b00e85b615641b534f0415
SHA256 f18e9733de20a895dda776f5af003161a9311718992f0f6d7a1d375292b3b52c
SHA512 f69e8c09a07a6ed915bb4b74d7f60e3df61bc43b3a85e6e5ff2235c61c5c909857829c4d00617f01f522ad747f5bb3b1cf941ba5b8801af77a22b9a5a3c25484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e523c6ea-a195-4e5a-9aaf-659b291498cc\index-dir\the-real-index

MD5 af76aa6a86f25937bc471c2ed3343c61
SHA1 07915ce6519dcb785337472b06f85b8b89eceab2
SHA256 eaaf2443e08490d20baa327b7315d2844490618fd71f18281ab14e11d4b3dd82
SHA512 928c81688e004319ab71dd5c5e6ec4ba2b642223dd393458bf84ce311d59981b5f33e509f221362009fc40ab3e8bda065c262e07d4612f7714ca5cf084639e71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d7bf75d8a2c716504ce5c3e2ea52f49f
SHA1 37fe4e8aea4e05e35d34e2de8963405b14cf1cec
SHA256 5a6db1a8d5a4293830e06cc50d4540d76aa26df96d2c0b2a825cb89f7ba1507e
SHA512 be510d912049e6cef4458dcc943f11ce0bcd45c6be2ff51df01110f3323d8f3edd18f67cca9870807c5abd3116401d2aeff60506ccde6d9c6dd4d6dd62d573ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583da0.TMP

MD5 64691a697a3b7613638557321b24d1b9
SHA1 4ec38ff1951690d2f6ff48ebd67c6258a4d6d4ec
SHA256 1e752f532abb9361cba2c71bfa403d66608951eb53e6f9d2d9b1de232b521816
SHA512 960cb3c1ef9ac2dbc47fd8e163f4df1cdc1861a8919877d3a287d21b45a0b44b8a7b92369c92c97c48989f2dddec2619de678d842ce1869769df35261c775e21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ccb6cb46-54d5-404b-902a-94763b2db2a7\index-dir\the-real-index~RFe584159.TMP

MD5 cc956fd3024491c25dd221e5142fd255
SHA1 512e65d9c0d1618a7098ac3b3519da3ed6ba7897
SHA256 fb459a1f1da2462d6a8865b850e7a47b4cf3576d45d2c44acd1328f6e0e9d770
SHA512 95a80366f88cbd4a8a872b2d832fe9c205c1659f38715175a249f1ad7066b72c619f81da21e00f68298c8d572f1af4197decb2c17a31317674577c607075e15a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ccb6cb46-54d5-404b-902a-94763b2db2a7\index-dir\the-real-index

MD5 78dc4dc050af15e20effa5801e754ba0
SHA1 785f8264f9e1e3785cb2db68beb27023b598398f
SHA256 fa1088524754812aa363a2384baac06d86c053926a7a9737a3ab2543759729a6
SHA512 4f686573bb7fab8db92835f4e554c8267d803ad927c88db9a5b48719f77d48c73701814a6f29039f890e7433f27e096acd25bb1c96e9a9f9349c63770cfc74eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3c530380eefdf9a91427d22b68f1e38a
SHA1 4e04c637e322a6cad9f970b7c3b08ab2fa8ee701
SHA256 ab0accaae1986d1906c0700fdb7fda8ca8346027157b645df962a945cee7fc21
SHA512 1a09d6fd3a3c35153ffc9ebf66a810fdc4bf4f44af18880d4bb950f0dd640d16c3b33b6b2e21d60aa06a097ecaa8e98595da54dc83baee2325eea95848b6b876

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2960c92abc8e6544d4598443f80037e8
SHA1 ce7cf78d964c1ce3486e8cf21c2d526cd725963e
SHA256 174eba0bc51dc66495aebde3db9204633302a770752a691415b278c6774d64e8
SHA512 947f52397bab980d62f0b623564c9a1697a8beace8c402a71ea48bc06f4875bb2723c0498435bd72b41a8d1dcdad73a83e3666eae7b86daf9c7f55fc1d5e0620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/8524-960-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8524-962-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8524-963-0x0000000000400000-0x0000000000488000-memory.dmp

memory/8524-966-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84b450461b76662f7903f30d69630a62
SHA1 a87e6f55325d3f8a3e6181268fabd1f80549cd6b
SHA256 b2e77592d92565780386e60e83b72bf05c3d02eb83d3d1f4f1c41b4c1ecc619b
SHA512 a79393ffc977c2ad2f369116d35102a2483982a7b0a9551533d93ccda4f6058312407a1e3bb23ee10df06c6258f2a955dfcebc95f5dbf66caef56d8dea475059

memory/1824-1116-0x0000000074530000-0x0000000074CE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/1824-1136-0x0000000007CA0000-0x0000000007CB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aaaa1689fdea80b3e328dd22654752e6
SHA1 6d0f8ce12578d5a75d50aecb57f58baaeb592b42
SHA256 4104a67eb66101e1a8ca62e362680412a7a2cb0695bed9830ca575965cfbd753
SHA512 3463197a0e48c0f69520ae00395ca7ed9f7f034f724724f9ba4f5010d97d305db0ad62d959d3af00da4fc415f27f05ef582a1df467f4a9a89863e91ec530b492

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\cf79b7bf-08fe-4e02-940e-1c5b3c4ff245\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3aafd8ed464d48ca5cf7794541360623
SHA1 a3dcfdbb2193717df6fe41e893840e014ab50ace
SHA256 3177584574ea33c14c77fa883cfb859685f55c0d3bdd2c64a6aec2f99f2b51a2
SHA512 2475763933722168cd857b51abe40caccb0f6e34423dc5474f4eb16d36e082bfbd11806d7858c72981b440418ea166d3355e3016d57c897a67986559e37cd0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe588f5a.TMP

MD5 7414d0581ee9f77914f8051281001198
SHA1 1564ca3839741eee069e57af35d763847f377008
SHA256 647ab9d022fa7a1341f9794ce82cabc37c22123f7cd840d63a63552c4f9a0bb2
SHA512 6159e2dd6128378807e629318f59720e6e20e01caf0ea27a22dd7da08b99f4c35819e0cdb542cee09de8025c5a2887deae39947f8d9f9745e4be0fd661fd63fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3916b35edf8429fd456289e6178746ad
SHA1 96c8da0376cbafe06f9e3139433fac533d45db03
SHA256 850ed5b201a6396d2f2b30b4b72acd1bc8e5874b132b259f186c552a45eb1cd4
SHA512 4d63bb39bc4f368910bb741848d2137214a0e5194c5e89270f74fd40f3c7d04197cd8bc87612cad73bdabcc1abf09e4968cbe58cc6e68d0894414f0af4bd465e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04046649ef4acb78fe7e7a26a1fb123a
SHA1 23c20f152f27873543ed1ede76d8c04ceec0e5cd
SHA256 a0c413512becc494f26ad721df06a63ac0748d58975536ddc816bfa2bdc8154c
SHA512 dc421311f5ad8e3a2af6c5d77fe8837d259294eed08d2174cc573a71febede91ef771689dc1ec54dcc7029ba6d260a091ca85791bd9456f8136feec13856d0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f52fd20e28dee464251e1c8261acc8e0
SHA1 c8cdc82af0140f1288f81f987648a8b811babef7
SHA256 d9627c88825ad77befdf6af38a6368c7e0c21413fde64b8f5f030c46eb0b241a
SHA512 2d2bd084c6a99b859b5f63d7f93aa4bf77a477a1546de9d8e0a3889c4b2757ac5186b9efe110ab6705279cd6848741900cc4d90f234b772688ac03b17f9c64ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d73932ef-f8f4-402b-8845-34b1f0c27404\index-dir\the-real-index

MD5 eb90d346b459e9676f72364604c4a72c
SHA1 82b2872a32d15acaaa2122d764ccb8b90ac1cf35
SHA256 dc7e82a64e557ecf68e065e0fa32466aab975963a4019331adaa21aba686d554
SHA512 eb319d90278492d83a801f96c26fa75e97f7c9feb4bbea11655a162deb42c3b06e33ad1c42c10d4e541aa193690c0a1e6dcf0f2310773001aaaca5d815c37d2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d73932ef-f8f4-402b-8845-34b1f0c27404\index-dir\the-real-index~RFe58e70f.TMP

MD5 1f3d9702a863af454aa99560970885eb
SHA1 3ebc9b18d9a70c3c2ef666c1b1fbdd8b5f4a9704
SHA256 40a764bac254b7e391f56db161ceb33e123cf2b24a4550d903c146b662c7c6d0
SHA512 2fb1111fa02bdfaf5d5e19225a5c9fad61817e060ac854e103133ba117709e7f1ab504280fc748778249033cffa822445d5e189a0e6db83764cbc6679c13c746

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c84500f7712bb1c8047f1b62d7610770
SHA1 cebdeaed08d361713f024ddce3fb2a018b8dd4b7
SHA256 a7614e6951ff124c506e328a6a78a41abc5509a26bd73bf15baebeba4aeec874
SHA512 d3e48397c48d06690b50060547d3871863fb31f4224b253eb13e2f3b18a97f8b63d507c7f1418100f6487e54319c05ed181b620908d225940e3ad3473e79c5db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 017199b8fd6fe9ecb655c2606fc5b9dc
SHA1 4a52cba501b4b845e46e235d3dcaa1d92a31de7f
SHA256 c627a375b07fcbb3e3d3db0eca06d9089cff5e89f27d8474c394404c0ba470a3
SHA512 c136b9b4c1e4a14f7afe5913de793c722e07bde77625d1f8c915379860454d59d7b1ffc7ef8599d2beb19feaa5f2642768c700f19238394c7bc0773a5932a08a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 24518831ed2b4fb35b557744a40f6016
SHA1 f07dc35e94b1f6ac9f70bc9124add2023efa93f8
SHA256 84fd977f8a2550f9dc9ce9b7f9d8a712efebe2dd1bd76a6dc617b415aae0cbd9
SHA512 85bf485457cae0007fad4593e2ba073966cf89ec435856a13180fa82ad64d8c22437a307dfe5a42e49783c3226bad1892a298ca2cfb0824aa6103814b54a4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acc9679e9a272a91ccfbb0b66159ec97
SHA1 2b7454cd8b916c1c2f61c2c758e82826698775ed
SHA256 b7132c5ac2787646c6e1e84f69e29ad7bda2c41e8e5571f9d4ca3471202f8e25
SHA512 6b3ec8d1a5691e4a57525888cfc27a412b7a4c9340e35d2efdddc11c6aa711b10ec0d3b1bc7232d289f6ea4425821aabe394ca09f8300f33c95e2a32533180a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\cf79b7bf-08fe-4e02-940e-1c5b3c4ff245\index-dir\the-real-index~RFe595f1e.TMP

MD5 ed9c9279326bd4a0370d0342c13b5ec8
SHA1 01fa1c25b2df44a57f986e9b556dd16486d2512d
SHA256 c6c2a38367ff5f411fee26f3dd3881137ac31e8b20246f547e8810f82f9e73ec
SHA512 d72c2e6159d5478e0aee8c4712f4f13f448895d1ca6e11f4cc489da61edfafad04caa20f77f02e25eb929d12b078fd56c9f378a9162380b3a5248af5feccb299

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\cf79b7bf-08fe-4e02-940e-1c5b3c4ff245\index-dir\the-real-index

MD5 910af7eabd3ca9cec90197070b1c8c52
SHA1 ed210d53d8f906a76f9727ae3f390dfd63186345
SHA256 1e352ba075c7b16640f3491d224d21d09fb5f7a2216aea33f7052f8ea8dbbe6a
SHA512 046e068304eee60bf10b6a335159a302d5db7fb990fde99a7850a9d6a41e4d1b7a95029c99892e9164dc05a7e364621cc90630fd591d9b64ab22bd1d78fdc285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 6492557229f3d6f18a126007e6011e9c
SHA1 55bf3a43b478850d6de45d424ae5e55d423986a1
SHA256 a2af5637d1afc795379982c17bbef010e253b06f424802ee96598d796e584820
SHA512 157da4a7011ca319d3e02f7a6b07cb8dc09fd8ad424141d24ebd78ba82388588d190117647f69d5550f4b4a7d89e3a31f517117cb06d99144b0dc381424aae95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2366f4bbfafb4cb1cac21c15c1b5e74f
SHA1 ccbb5850df07d4297d7e097c4b691833b26c1672
SHA256 0d1e71b13012f0618437c67f46ed3419f89164c34065fd037bb762fb147f0794
SHA512 814173fa0b41cb221978a831e0163925db7f9de1036105d31899d0552ef0e0e3959fd8b85ed8d2183bbd539404c6a8a816d7bd8003db4d70d1450f8185da95ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 709bd9bdc8a7a5ab766ea83283e0b03f
SHA1 615dbaeb2a92c3aea4ea663f2136f6db545add87
SHA256 ca9d103bb4cbc8094fd03ec590f21f5fa1cb500a4e88b0c0cf4df2961f5b5a90
SHA512 5d007bc13a28f1d52758cb493bf43662bf36d91ada505ae4b790fb7201b292c64b2fa7ea503859663bebef00f11eed359053b1358cb9c4bbdf2211de94e15fbf