Malware Analysis Report

2024-12-08 01:11

Sample ID 231111-mghlfsde2s
Target 741d8018319a189e97bcf0d60ead08f3.exe
SHA256 3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

3f2ea0d596d06dc2fd32b2dd2a475a0775d8f812e3bd1ce6e0ec0e8da0ec5212

Threat Level: Known bad

The file 741d8018319a189e97bcf0d60ead08f3.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

RedLine payload

Detect Mystic stealer payload

RedLine

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:26

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:26

Reported

2023-11-11 10:28

Platform

win10v2004-20231023-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\741d8018319a189e97bcf0d60ead08f3.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\741d8018319a189e97bcf0d60ead08f3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4728 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\741d8018319a189e97bcf0d60ead08f3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe
PID 5116 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe
PID 2888 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe
PID 4008 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2572 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2132 wrote to memory of 4044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4000 wrote to memory of 2004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1140 wrote to memory of 4272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1944 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3064 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1876 wrote to memory of 708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4000 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\741d8018319a189e97bcf0d60ead08f3.exe

"C:\Users\Admin\AppData\Local\Temp\741d8018319a189e97bcf0d60ead08f3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x148,0x16c,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9658744671660798159,7807928688668487743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2732188393200556954,1574989112892071402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9713380495613048748,10078738975172801956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff800b346f8,0x7ff800b34708,0x7ff800b34718

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17643852482102274496,8900808477394149745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2732188393200556954,1574989112892071402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17643852482102274496,8900808477394149745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9713380495613048748,10078738975172801956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10650567762261934942,18213430275009221821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10650567762261934942,18213430275009221821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9658744671660798159,7807928688668487743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12103158693986588019,7993015821046318128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7214348104841914555,9178731696051556214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5rd75JQ.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7712 -ip 7712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ZU832.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,3049440137795947979,14210908413684671201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9988 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ4IF49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ar1so11.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Ke880Oc.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1944_EDUZSTKSOJXSOZAA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2132_PLYLIOMPVQPCCRWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_220_ZEPHPFAMSBOJXGWI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4000_YAYKHSLWXRQOBXMW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1140_ELMMGNKJKDAMNFYB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_2572_QDDJQREXAPMZZTIM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4DZ9uU4.exe

MD5 a47c10eb8f72b14ba09ea12c5bb20454
SHA1 1e249ec31140e1c052c1ffa0f5355de8084f3002
SHA256 c95d5ad88d1bca772e02f2f52ea1807d0475b97f26196bae5c7f8fb43ff5f56e
SHA512 8c64bd22d508d69eb5d48a8394040ff915c78203c9f1ac740219dff6c11091b5ddb1b270774e2df5ef1160a52edb182476004483053a05b82fb643aab338bd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acd6006dac977c3ed604f266eacc510d
SHA1 86f66641c3a273a7fd8206a66d2b2663d91d96dc
SHA256 5a8361b5d5a57af8a573d09a8ec0d93e374cf5a20fd270402bd37fb14539ef33
SHA512 10d4f56bc36a562ed1819c6be3ab515b267994d343500729a4ae9efa385b97b9ec4037efa04a2b6f2097205a00b23b325b215ee1b96606b0f7b1cdcd9d78feae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6796d5f8483c81214fa0d2c56c2e0a4d
SHA1 52c9487d19d5a89a9658ac7eaaaf5762aeb3301b
SHA256 5ac48b52ad360838b324c0af33a24b538cda00276b6e8015a604517d02d00678
SHA512 3c7328ad577b741396cfe5920f2914579e933858e5502f5555b4f26851b46267edca8f679184e8655df7b952b55f8bb2cea2e8690319cf0f33b507459036480c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc4dc990897750443936bbd1198094f5
SHA1 818c14870f275fd982f78adf42e52dce4829b7c3
SHA256 652e75fe71b0147254cd915a12b2029a6023a0fc2d01c1c9f8ce55cce2743405
SHA512 ed6b7710363795c1881bab0711b6736b487fffc95d828e473bee1b2d3a72a778c4e459163b858cc54a0af929b9f827fec76cfed8e761704c30b933fed7a3ee0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc4dc990897750443936bbd1198094f5
SHA1 818c14870f275fd982f78adf42e52dce4829b7c3
SHA256 652e75fe71b0147254cd915a12b2029a6023a0fc2d01c1c9f8ce55cce2743405
SHA512 ed6b7710363795c1881bab0711b6736b487fffc95d828e473bee1b2d3a72a778c4e459163b858cc54a0af929b9f827fec76cfed8e761704c30b933fed7a3ee0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acd6006dac977c3ed604f266eacc510d
SHA1 86f66641c3a273a7fd8206a66d2b2663d91d96dc
SHA256 5a8361b5d5a57af8a573d09a8ec0d93e374cf5a20fd270402bd37fb14539ef33
SHA512 10d4f56bc36a562ed1819c6be3ab515b267994d343500729a4ae9efa385b97b9ec4037efa04a2b6f2097205a00b23b325b215ee1b96606b0f7b1cdcd9d78feae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ee7d5c7679e34aa63e88afb5d493bc51
SHA1 5a020597baeba7d004497648d5a27d27159aca98
SHA256 6640652bb05873a01ff99330749814909701422739d6dfb07858f42835acee88
SHA512 71edd16879053f3e9912c7582b88b58c5bd9e5be4942744ba1c7da6efd73c647b05c530517a91e4bd455a82d295e4829ce05336411430dba5854ac82412436fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\579f9275-0fab-4843-b0be-01333e736c19.tmp

MD5 29de7f9c397f762c004999a78d9c1a0f
SHA1 e09cfd2051810a2c3ec1636fdb8c038e33b90fbf
SHA256 dec9865de7d0e65345329bb9c2cff0120b97f0480ec0b24ddfd78fa208654e15
SHA512 48100f1cccf48b7279de40db0ad97ec98f9f89020ea12d50087995175d0530b0389c5076e99e42046f1fdb868a43a517e644d2d3d21d2702546501f73834ad51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ee7d5c7679e34aa63e88afb5d493bc51
SHA1 5a020597baeba7d004497648d5a27d27159aca98
SHA256 6640652bb05873a01ff99330749814909701422739d6dfb07858f42835acee88
SHA512 71edd16879053f3e9912c7582b88b58c5bd9e5be4942744ba1c7da6efd73c647b05c530517a91e4bd455a82d295e4829ce05336411430dba5854ac82412436fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acd6006dac977c3ed604f266eacc510d
SHA1 86f66641c3a273a7fd8206a66d2b2663d91d96dc
SHA256 5a8361b5d5a57af8a573d09a8ec0d93e374cf5a20fd270402bd37fb14539ef33
SHA512 10d4f56bc36a562ed1819c6be3ab515b267994d343500729a4ae9efa385b97b9ec4037efa04a2b6f2097205a00b23b325b215ee1b96606b0f7b1cdcd9d78feae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29de7f9c397f762c004999a78d9c1a0f
SHA1 e09cfd2051810a2c3ec1636fdb8c038e33b90fbf
SHA256 dec9865de7d0e65345329bb9c2cff0120b97f0480ec0b24ddfd78fa208654e15
SHA512 48100f1cccf48b7279de40db0ad97ec98f9f89020ea12d50087995175d0530b0389c5076e99e42046f1fdb868a43a517e644d2d3d21d2702546501f73834ad51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7bfc3f7d1d66ccc1a1fdc467f6d22602
SHA1 3b23d8351703d0e07cf49b2c71b8064b8a000228
SHA256 3e4074c7de77feaa097cac036e8cb8a22fbc57d79bbe1826fb6f67c110fb0d61
SHA512 ed8afa278a9c086061d8e370174434cc1cf2399e5fd18cf657d6ef9c7d13e1f27e48ff18a4378cb4e21f12c2d32cc05241bc46bec5702f3144c435fc7d11294d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6796d5f8483c81214fa0d2c56c2e0a4d
SHA1 52c9487d19d5a89a9658ac7eaaaf5762aeb3301b
SHA256 5ac48b52ad360838b324c0af33a24b538cda00276b6e8015a604517d02d00678
SHA512 3c7328ad577b741396cfe5920f2914579e933858e5502f5555b4f26851b46267edca8f679184e8655df7b952b55f8bb2cea2e8690319cf0f33b507459036480c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7bfc3f7d1d66ccc1a1fdc467f6d22602
SHA1 3b23d8351703d0e07cf49b2c71b8064b8a000228
SHA256 3e4074c7de77feaa097cac036e8cb8a22fbc57d79bbe1826fb6f67c110fb0d61
SHA512 ed8afa278a9c086061d8e370174434cc1cf2399e5fd18cf657d6ef9c7d13e1f27e48ff18a4378cb4e21f12c2d32cc05241bc46bec5702f3144c435fc7d11294d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ee7d5c7679e34aa63e88afb5d493bc51
SHA1 5a020597baeba7d004497648d5a27d27159aca98
SHA256 6640652bb05873a01ff99330749814909701422739d6dfb07858f42835acee88
SHA512 71edd16879053f3e9912c7582b88b58c5bd9e5be4942744ba1c7da6efd73c647b05c530517a91e4bd455a82d295e4829ce05336411430dba5854ac82412436fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7bfc3f7d1d66ccc1a1fdc467f6d22602
SHA1 3b23d8351703d0e07cf49b2c71b8064b8a000228
SHA256 3e4074c7de77feaa097cac036e8cb8a22fbc57d79bbe1826fb6f67c110fb0d61
SHA512 ed8afa278a9c086061d8e370174434cc1cf2399e5fd18cf657d6ef9c7d13e1f27e48ff18a4378cb4e21f12c2d32cc05241bc46bec5702f3144c435fc7d11294d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6796d5f8483c81214fa0d2c56c2e0a4d
SHA1 52c9487d19d5a89a9658ac7eaaaf5762aeb3301b
SHA256 5ac48b52ad360838b324c0af33a24b538cda00276b6e8015a604517d02d00678
SHA512 3c7328ad577b741396cfe5920f2914579e933858e5502f5555b4f26851b46267edca8f679184e8655df7b952b55f8bb2cea2e8690319cf0f33b507459036480c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8773308cfaf79a6115aa7388a543156e
SHA1 03107071b27e7cf3f869c8a0ccef5d374b8312c3
SHA256 c9222ca36d574b12ebde7a634fe544f8a277e7fa6c04ef3e3c15e9122e8d0427
SHA512 6e7d82ac12bc3b2310c9d794ba8103a50e7dcd1eecf06f25119764ac6cfb4d4b567139d7fd81fb57e8578009ea973c0aa8c8ac76fde6cb333736b1a2a1edc510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29de7f9c397f762c004999a78d9c1a0f
SHA1 e09cfd2051810a2c3ec1636fdb8c038e33b90fbf
SHA256 dec9865de7d0e65345329bb9c2cff0120b97f0480ec0b24ddfd78fa208654e15
SHA512 48100f1cccf48b7279de40db0ad97ec98f9f89020ea12d50087995175d0530b0389c5076e99e42046f1fdb868a43a517e644d2d3d21d2702546501f73834ad51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8773308cfaf79a6115aa7388a543156e
SHA1 03107071b27e7cf3f869c8a0ccef5d374b8312c3
SHA256 c9222ca36d574b12ebde7a634fe544f8a277e7fa6c04ef3e3c15e9122e8d0427
SHA512 6e7d82ac12bc3b2310c9d794ba8103a50e7dcd1eecf06f25119764ac6cfb4d4b567139d7fd81fb57e8578009ea973c0aa8c8ac76fde6cb333736b1a2a1edc510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc5ba01b62ebfde194b71f5f5eacf76b
SHA1 7f46cca5b30421080323abb74a297c08480fded8
SHA256 212dad3a4cd51db23c9daef0302ead44e4385ce323b1bf68061fb8cdcea7518b
SHA512 9cfb2c2791ecd18731d06a0b2967b4fe34cd9a7a6b48cdfd8cc44f384f54b616adcd88274c7434e9c027c05f43224aced7e6f5366c4bb8f07b5953bf99c6835b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84113b3408dbd43026eec7361f9ab25e
SHA1 e9420bbba14b199b10ec3c4a8fcd34dc627e47c6
SHA256 05ddc8b1f83b2017c2f7ed3818c0ff28868d7466fd94145909dd58af2fa8cd16
SHA512 191b6128b78cabfdaad2fae3008a69a2a51923b34b13e1ca836810ec817e85aa6a036d49a3f6d47d26514dbd2f8e8012d18ec93f247eccc800c89a3e9276a650

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c1771bbbc3940c6d9e4791963afdb639
SHA1 91cd1a0edeca81022b72e61896ba93c23f181407
SHA256 248dbe919171df475fc83c32b57bfd305100676272308f90e3568698b806ce44
SHA512 0f767db1c128209d87965e42ae75c0d1dce5df5c657e60c287bea50722890ae8c08a65a373b991bbfecbdfde7ce44ed3dafe74d5f635e98c356cf36e906a2984

memory/7712-321-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

memory/7712-322-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7712-330-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7712-328-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cd5dfab0354abba8b75b9671dc5b4cf1
SHA1 7a44e666f30e5d9b6de00b20d49577c6946a1b53
SHA256 bc53b1a06799f39a3a37d1c7dac17d8887caf5216857ba6f0f4b518d6e4517ef
SHA512 0e213464598122c334ebf2dc9ac7e88e60ac23aa2c179c49151ef225f339bbfb3b2ecf9d2c3b8c623b7be3fba1ded0aaef94d8e00064301290a8b24f750c45f1

memory/3052-362-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3052-367-0x0000000073E80000-0x0000000074630000-memory.dmp

memory/3052-372-0x0000000007B90000-0x0000000008134000-memory.dmp

memory/3052-379-0x0000000007680000-0x0000000007712000-memory.dmp

memory/3052-389-0x0000000007870000-0x0000000007880000-memory.dmp

memory/3052-390-0x0000000007740000-0x000000000774A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/3052-397-0x0000000008760000-0x0000000008D78000-memory.dmp

memory/3052-398-0x0000000007A80000-0x0000000007B8A000-memory.dmp

memory/3052-399-0x0000000007820000-0x0000000007832000-memory.dmp

memory/3052-400-0x00000000079B0000-0x00000000079EC000-memory.dmp

memory/3052-401-0x00000000079F0000-0x0000000007A3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 835fb1dd62449c6360c42ed75db77554
SHA1 35e4781fe369dbbfece666ca24013d3003562363
SHA256 8bdd16027867cc32159f97d87f1dd4c0717c1ca69ec7f1eb1ff780ade0598c16
SHA512 4d93902e83d3c3a31db51aada95e7890d7066d1ffa4e24467566dbb008d5cdbd20890f77a3e8fc0ba0194561d2c3d319d3a4f6802ee39b59f3405ef69a72bd8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d443.TMP

MD5 890ecade8ab457cb7a03383283ca57d0
SHA1 8f00fb09f9c688d019f3fd13f42ff41c89c64303
SHA256 af9bed5f6a1e5f1fafbd02901ae19ec0468e2382c25de2fac9d68a9bd51971a4
SHA512 1795736cf73a50f21fdb287bfe511cb2be2622c93ddec3cd7a001a688c1d572dbb767a22d2c0d9d359b3288b9bc2308ede4f185a14bcdf00c3eb9696b873c651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 667e1aa8f0cf2764c31959c67a9e0a23
SHA1 5d3958d779e9c2ccdc238e46acfad769c5966135
SHA256 e86832aaca71fec4924ab48d1ecab4a1cc5a0e0bab390f0a40fa3df682c148f9
SHA512 a42a3275acadef8b4e75b2170b8100c63c4d212a5a7b3e46252cf8bc95b5548f770037eaab8e703be04bd314407ee9c5f3bc3a466382e5db1fa5092c13dd1776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/5440-581-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5440-582-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5440-583-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5440-585-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3052-592-0x0000000073E80000-0x0000000074630000-memory.dmp

memory/3052-636-0x0000000007870000-0x0000000007880000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dbcb1d84cfeae6a62a3c446834e391f2
SHA1 6e89bb99069c97010f4f537a20953c7c6184869b
SHA256 c5f7d3044c99426280df24ec492c72a6b7230d3da2ccc617b416daf66efb9123
SHA512 7522ef98338d3989e7e38d84aec7442f436fc309ce82d48a78ffd3f7fee7533ef9b127c1ad8a4bd929d7ce10b35b135eeeabf077bec51a9aad2ad6c42a3f3036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf9ad5ddb41442476e1beeeac81a94a8
SHA1 f6595ffda573c4d1b577f9a118eb36b74f218adc
SHA256 c13fa07d0794a98e87e00bbc9067cc9a49bc61fd620210cc4b8be4fddd9e8e70
SHA512 a8e401d718e0e1f24e3c6b68f547ad684e85e76c665caf0f0e1a00aa97cfacf8f0a2bb8cc2f31a3d56b3a8c8f088554fa9cde7cc39df1fc9e4cc4a9a310ab3a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 0e382e30b967a29ee32ae10b749938ac
SHA1 ed4f59e9b9536a7f1d5c6503b7b456e64518267d
SHA256 d26e8a00f0c7574ca412109e1294847653be60f99808333e4f7c4e7364f62092
SHA512 ed5af1f80678d3b9332d457772e8b038c5204dd0e7f415db42c790b71c07ce6128aa4b88d72ef2d99ddd28f49fcf9669a2533a49a114a7bd93baa8089689f3a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5953e3.TMP

MD5 695369355de9201737b0f607af748fe2
SHA1 ad61efb702e12ca322bb8bb4d4de3ba34af1ae6a
SHA256 972220fa02e836f10efb5cd3e54eb959dd3eb5c5a278ce7c68738ba532e94531
SHA512 4a288731c2257a89e0bf1f81db9e44a908e4113cd99a784f0c67c301c4c3d68109c7842471e5d64133c197de9fb28bf0fe0187d5cc3619fbcd9388b3a44f69e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41c6e0a1fb62621838d247e475fd931f
SHA1 a12c299179260dd7e943b249c13b13b32848d6ee
SHA256 660a621d33404a91ffc0ab141c6c05ba53d7cafa95a4c4da36ef14b296916397
SHA512 798fae62de0fbbcc4d6b87040eeb1aef3c0ab47d8172413ff314c660c83c2e21d56e062884454b9e96be154486e3d56f32da591696492dc2f5f7ae1bf52f287f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e7b69145947dadb22d33af6f677bac69
SHA1 e1d41a9740c0078f58cf91f0e60f71f27d12b1f3
SHA256 587af08d5d0deb1cc87312a6118ef3c31ab3b1577bb408dfa954ce4188d0b674
SHA512 95c8fae31a6762fb9fafdf21454cc84715ed306648ab8740fdc358dcf6d4a5aad8b8dc7129ced5680f6bce42657a00c87aabfc5fa6015156d8e854e89e43e4f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c1a714c89ae2adad88582a2bea329feb
SHA1 359e1f11adc2efdcff8ec43e5a3c0536251bd4dc
SHA256 aecaee88651c0dfae0dc1710f6e96477c61faf96244d4eb621f44f2589dde886
SHA512 d63fd9d10b094d5bc8aeb6b5a15e45a02ae0900671082236f45073bb088b61cb3fb45f4da6a4a74bdc4f3bfc084c34e640c4bbddb5de86925826ab06880e5bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f24ab90be9e764954486cc97e65cfe7f
SHA1 a4b0f04365de576c099ca1bfccc205219929638e
SHA256 5f26d63adb819fd438fc6c6d163b892eafb99ec9bfc9417cc65654764d3da83d
SHA512 73059f4c456aa70c807d0b4db01cd3b284ec621c4f4bb023630c85e986ec0c19ff802b19f9fd6c0db994c3a596873152f0f291673214115e4d8c1f2e6b4c76a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\62047081-1ed0-4c6c-ad7c-b20ab507b43b\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4ad4cf15a97b71b9357f8c107d5091a5
SHA1 c0cb4b2c5e13600865be36750b9c50e6d63fa12b
SHA256 e3e1745ef83e53127e3a95ada6739c4ba6923d252161a208ef056afe79297429
SHA512 c269badac919477c97b79f1b2dce60174479f08c906ffe4d763e24505dcbf2bbc8f633f92904af85d1cf570a26211225a39be03912c2fc46d93aa778fead2d5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de8d1cdc690a97bc5cbe7e120beab39b
SHA1 7805f2352646ba3c589832812e4c7c079194c533
SHA256 65b08a38d80d78b488d4f471b4d3343f45c0ea4a99ab0eaf2d4a551380145a3d
SHA512 e57995318c9ae718a21ef08cde0edfd360d1785ac14992f4ea572bd5b245e014652a4854fcddfcf3ee76f05259ead59efa3102e33b742aaa08da778b682a9513

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55a42f572106f607662fa35f2c0046ee
SHA1 44db1c9d93beaa409db2d49738a801f3751cf194
SHA256 dfd6d9384c8a438a7d14ff9dfbc76d91e292e4a472b9f178618a4621bf0b7732
SHA512 a613d3b674b5c3dcbb9962fa4117e2eb18181166834633d018dae50919087203f927b52a8f94ea30139f98a64804f0a08d06d0652a7480edec23d9b96353d20e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8f2ad6d84bed6054dd98ae6766cc7e6f
SHA1 0bd8050429ec1c6625ba96cec7f78461708008bc
SHA256 e9f1c93130525f309a525cdab34abc9612cd2c6c10b80c3caaf808b98c519350
SHA512 1ef7afd5fcd80b33f30556120b8cbe9a5930e59712513f661424288622cdf36bf89cb44c627eb3566425afb96ef3f9b96be2803814a1a6cabab750f441da75f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59a232.TMP

MD5 7c14b405c64d8ee5f8c4df5e6ff945fa
SHA1 27dcdb4538ec03f6f134a66e42255cee15d2096b
SHA256 7351a62f1e7d74cf6d778e945ccc07bb7c29968cb57ca926524e6f81c29baced
SHA512 0b7a49019fb5f6dcb3c38b94cbafa08286d2271d7d83e150fea5eda35baf00e49e97807260c6e3c1b9075fa2729c0acad30976825ddcf0a64823de73dfaa34ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\474dab45-9d33-4a29-af9f-22c1a3780b8f\index-dir\the-real-index

MD5 02f00fa858810b74b3de18dc937b0856
SHA1 f85980e14bd794878270d34c8b1e6e08b91d4400
SHA256 8710b5c98798e9fa76bcb2c2a7b0161f11f68c425811b47b352fa1c2c4276559
SHA512 aaed48780e1bf9ab85fdd6ada605db23c45058af6c9b448128ccfebb6b76030d59986e03f1f84b00bbfa1c2f534f3e8ed41007d9cb47be2c3d25b07d9dd55b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\474dab45-9d33-4a29-af9f-22c1a3780b8f\index-dir\the-real-index~RFe59a57d.TMP

MD5 b717f126f96f1eab8540709f7ab8f24d
SHA1 09c9891bea361c037d1054cfb29ad7577b47a377
SHA256 da00525f120084d2e406237fe75e286bb1e5aefd2f4be8938259abbec71b7f80
SHA512 4ecc53e07992e9f24f7dcf6783aabb239e81740fe6aac21420608e664c39176d9e89820be5c61ba2a9dce18cedb09a9898cfb0481bc05cfcb6fc46f8cfa5382b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\940faa03-49de-4864-a09c-5fddb8058cab\index-dir\the-real-index~RFe59fe6b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\940faa03-49de-4864-a09c-5fddb8058cab\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f22a682c-addc-4c3b-91bf-07b864c74d6c\index-dir\the-real-index~RFe5a2116.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f22a682c-addc-4c3b-91bf-07b864c74d6c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
