Malware Analysis Report

2024-12-08 01:12

Sample ID 231111-mnnq2sdf8v
Target NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe
SHA256 d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2
Tags
mystic redline taiga infostealer persistence stealer
score
10/10

Analysis Overview

score
10/10

SHA256

d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2

Threat Level: Known bad

The file NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga infostealer persistence stealer

RedLine payload

Detect Mystic stealer payload

RedLine

Mystic

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:36

Reported

2023-11-11 10:39

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5116 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe
PID 2848 wrote to memory of 492 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe
PID 492 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4384 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4532 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 492 wrote to memory of 5268 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5268 wrote to memory of 5316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wr8330.exe
PID 2808 wrote to memory of 5884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff61bc46f8,0x7fff61bc4708,0x7fff61bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12145668575882256095,9980348765962920731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14792730695654586569,9422957803577304564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12145668575882256095,9980348765962920731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14792730695654586569,9422957803577304564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10527750583752903985,2567198017792947283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10527750583752903985,2567198017792947283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wr8330.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wr8330.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7fff61bc46f8,0x7fff61bc4708,0x7fff61bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff61bc46f8,0x7fff61bc4708,0x7fff61bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff61bc46f8,0x7fff61bc4708,0x7fff61bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,16020544268620407439,8077681073432685589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7285298360783544647,11073685484563825165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,349493975276032271,12048812797048087882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,349493975276032271,12048812797048087882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5748430990321738088,9794228579073530105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7285298360783544647,11073685484563825165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,16020544268620407439,8077681073432685589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,13132798393302890471,16577755556218027196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,13132798393302890471,16577755556218027196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5800 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x33c 0x240

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yY84pT.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3yY84pT.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 8744 -ip 8744

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14950092557675820057,10883766717521279259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4296 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iq8wt88.exe


C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xM82Fj6.exe


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wr8330.exe

MD5 cc9f1dd855c2b910e1aaa709d99153c1
SHA1 a3d3854674ef5a09f9e42f36253d0512a7841af9
SHA256 520c810b1b754ee09c562eb88e354b369bc85f66cda3184aefad2f871251b79a
SHA512 55b54ba72ec70d7733d5fda90a0dd0fa613c732668ef3a1c3bbec88e4aa612bc2a780b42dcc1eade583e4b878cf0d5ad70154dd223689452b0a6305d7f1130e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f9bc20747520b37b3f22c169195824e
SHA1 de0472972d51b2d9419ff0d714706bef0c6f81d8
SHA256 a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0
SHA512 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

\??\pipe\LOCAL\crashpad_1840_LVARERHNPHXSHGER

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4532_QTMUQETHRIGTEPJC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_4384_HDXCPVTFKROILHZT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4276_ZTTXGYQGANZOZOMN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wr8330.exe

MD5 cc9f1dd855c2b910e1aaa709d99153c1
SHA1 a3d3854674ef5a09f9e42f36253d0512a7841af9
SHA256 520c810b1b754ee09c562eb88e354b369bc85f66cda3184aefad2f871251b79a
SHA512 55b54ba72ec70d7733d5fda90a0dd0fa613c732668ef3a1c3bbec88e4aa612bc2a780b42dcc1eade583e4b878cf0d5ad70154dd223689452b0a6305d7f1130e1

\??\pipe\LOCAL\crashpad_1356_LWSUGFJUYQHAOHBR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a82aed50ab2517c7bca76a164f8a4d0
SHA1 52cb6c1e750a697f145e94444dcb3ed75abddc03
SHA256 f4823b15590114e0b8866a27d748294617c3a0c3355f980efd33269f7eba0515
SHA512 fd5bf6dd9f285bc343802394efce2467920879e7a3809151d93a93d58626f49dfad1bd23ef58298c0e9eae1f6c0387c5b010c8f828bfa8170ce4449ef1a01957

\??\pipe\LOCAL\crashpad_3284_VTTAMRIYGNEAACAF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2216_MAYECKDPUICVNSFV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce03da38c30e9bbbc5e8d87b2138d7b9
SHA1 8c52aaa130770f1f828f35294a58da52e3fcf97a
SHA256 4a72624329a42eaa3a508ec3036c49b7f49c81e08dbd3ae3ba7f61dab1b8b15c
SHA512 3326f3f5e41e8d4314e27154a970ff7722a88f2aeee8f23f5e9de308702779ac283e274e73ea4849d6e0962b29957fbeeeea195beb11c9acedd53ba971b20ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fc888c20-19f2-4161-be0a-36a62b1e7f61.tmp

MD5 81142a9a466a5327312f4fab6377ba80
SHA1 bee29681641b8e15b729b6872277280de82058f5
SHA256 1856e7e97f179d9a8037dd4e4463a22c4d14948a1754e41c2e425e054d3d7cfe
SHA512 45fb6876068973790d6e2ea441ed561f51c6ba3d3d4e4c948ab09c904a8497dcb62c0dc2b57e5bc65a1e19812c4db362920f47f38cd9fffb73ee909434395866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0dd3fe836142da1e0a0818c4703e0d5d
SHA1 e41595bfe560f0bb23653c3973d21ccf72f00b9c
SHA256 498f1fda2f2eab41a351c8d56360fa4477506af0c3ed046202dba9b848c5e499
SHA512 8ab34043451bd5d7f5534e28f2ca52ff2468c51148427dc04724c4e64972a7ae75d516804f4a5e7355c728107f610c4d043b9555731d7263f9ac1d95355a8388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\065d41e4-356c-4c54-8e43-48e002443186.tmp

MD5 eea1a70956704ca0a25817968a484f80
SHA1 df8b64877365a836cf65124da6588657a4e5e8f4
SHA256 b67fa7132e4c4ce12b7b2b999415b2b64c99c02e5ad1ece21d6f8576027d6725
SHA512 183086f6ce4a3cc49466a91a0c397d535752f72d8079577069b712907ff8fdc13d047ed0b9ceffc06aa8eaf73a76e013f65f6741f95a6da9cd2bd1e75c8b1c12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a9345de534fb7e5d3c2e350c9ae2e96
SHA1 cef8941daf736d530971dc3c78b286530a06e645
SHA256 bfb62d2aafaa19194a77ed2b9ada10afa091e4c45a64088963c09c4ae363c7cd
SHA512 c47e3d08d06ee780479715f11a2f2fa8d39811f97c6c86cecd6004187fa9a8918b0318d2142407fbc019ebc7f203e6653d72c4102dad8b21dcb400c439b26555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eea1a70956704ca0a25817968a484f80
SHA1 df8b64877365a836cf65124da6588657a4e5e8f4
SHA256 b67fa7132e4c4ce12b7b2b999415b2b64c99c02e5ad1ece21d6f8576027d6725
SHA512 183086f6ce4a3cc49466a91a0c397d535752f72d8079577069b712907ff8fdc13d047ed0b9ceffc06aa8eaf73a76e013f65f6741f95a6da9cd2bd1e75c8b1c12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81142a9a466a5327312f4fab6377ba80
SHA1 bee29681641b8e15b729b6872277280de82058f5
SHA256 1856e7e97f179d9a8037dd4e4463a22c4d14948a1754e41c2e425e054d3d7cfe
SHA512 45fb6876068973790d6e2ea441ed561f51c6ba3d3d4e4c948ab09c904a8497dcb62c0dc2b57e5bc65a1e19812c4db362920f47f38cd9fffb73ee909434395866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a9345de534fb7e5d3c2e350c9ae2e96
SHA1 cef8941daf736d530971dc3c78b286530a06e645
SHA256 bfb62d2aafaa19194a77ed2b9ada10afa091e4c45a64088963c09c4ae363c7cd
SHA512 c47e3d08d06ee780479715f11a2f2fa8d39811f97c6c86cecd6004187fa9a8918b0318d2142407fbc019ebc7f203e6653d72c4102dad8b21dcb400c439b26555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a82aed50ab2517c7bca76a164f8a4d0
SHA1 52cb6c1e750a697f145e94444dcb3ed75abddc03
SHA256 f4823b15590114e0b8866a27d748294617c3a0c3355f980efd33269f7eba0515
SHA512 fd5bf6dd9f285bc343802394efce2467920879e7a3809151d93a93d58626f49dfad1bd23ef58298c0e9eae1f6c0387c5b010c8f828bfa8170ce4449ef1a01957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce03da38c30e9bbbc5e8d87b2138d7b9
SHA1 8c52aaa130770f1f828f35294a58da52e3fcf97a
SHA256 4a72624329a42eaa3a508ec3036c49b7f49c81e08dbd3ae3ba7f61dab1b8b15c
SHA512 3326f3f5e41e8d4314e27154a970ff7722a88f2aeee8f23f5e9de308702779ac283e274e73ea4849d6e0962b29957fbeeeea195beb11c9acedd53ba971b20ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e870b4eba40d24310638fac594e3601
SHA1 af5f2cda82359447f5dd83d6b97810e69730bcd1
SHA256 4841c2c24e6f2078133093baaa96841baaf4524a8b8ca9b8e55c28ce4104d67c
SHA512 5f9a2cbaadc8eadd1bd888c2a4c503a21ee2fa3e6f755036168e1b65e1006702dd7bbe0b5c3e1ca913b67f77799aa272ecd979e36b1cc6f39cf6581cb1699fd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81142a9a466a5327312f4fab6377ba80
SHA1 bee29681641b8e15b729b6872277280de82058f5
SHA256 1856e7e97f179d9a8037dd4e4463a22c4d14948a1754e41c2e425e054d3d7cfe
SHA512 45fb6876068973790d6e2ea441ed561f51c6ba3d3d4e4c948ab09c904a8497dcb62c0dc2b57e5bc65a1e19812c4db362920f47f38cd9fffb73ee909434395866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb65e45582724cbdbf9a1f51d9efa94b
SHA1 0d8e01f9ba38616a2432c3c7a93ace17f0746499
SHA256 d11eab65ea80e5711abba22a220a2606fce9db5c69977266b6d8ed06f0cfb8d5
SHA512 9d23bd27f8a9d2c7302ccf84833955de35ae50ba2c0c63cb3c0a777d5e739f4b71b4f7b50a28e69a4060fd5e61da6b4f1ae15713e68497d2f6ef97ce885e59b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0dd3fe836142da1e0a0818c4703e0d5d
SHA1 e41595bfe560f0bb23653c3973d21ccf72f00b9c
SHA256 498f1fda2f2eab41a351c8d56360fa4477506af0c3ed046202dba9b848c5e499
SHA512 8ab34043451bd5d7f5534e28f2ca52ff2468c51148427dc04724c4e64972a7ae75d516804f4a5e7355c728107f610c4d043b9555731d7263f9ac1d95355a8388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce03da38c30e9bbbc5e8d87b2138d7b9
SHA1 8c52aaa130770f1f828f35294a58da52e3fcf97a
SHA256 4a72624329a42eaa3a508ec3036c49b7f49c81e08dbd3ae3ba7f61dab1b8b15c
SHA512 3326f3f5e41e8d4314e27154a970ff7722a88f2aeee8f23f5e9de308702779ac283e274e73ea4849d6e0962b29957fbeeeea195beb11c9acedd53ba971b20ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb65e45582724cbdbf9a1f51d9efa94b
SHA1 0d8e01f9ba38616a2432c3c7a93ace17f0746499
SHA256 d11eab65ea80e5711abba22a220a2606fce9db5c69977266b6d8ed06f0cfb8d5
SHA512 9d23bd27f8a9d2c7302ccf84833955de35ae50ba2c0c63cb3c0a777d5e739f4b71b4f7b50a28e69a4060fd5e61da6b4f1ae15713e68497d2f6ef97ce885e59b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb65e45582724cbdbf9a1f51d9efa94b
SHA1 0d8e01f9ba38616a2432c3c7a93ace17f0746499
SHA256 d11eab65ea80e5711abba22a220a2606fce9db5c69977266b6d8ed06f0cfb8d5
SHA512 9d23bd27f8a9d2c7302ccf84833955de35ae50ba2c0c63cb3c0a777d5e739f4b71b4f7b50a28e69a4060fd5e61da6b4f1ae15713e68497d2f6ef97ce885e59b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e870b4eba40d24310638fac594e3601
SHA1 af5f2cda82359447f5dd83d6b97810e69730bcd1
SHA256 4841c2c24e6f2078133093baaa96841baaf4524a8b8ca9b8e55c28ce4104d67c
SHA512 5f9a2cbaadc8eadd1bd888c2a4c503a21ee2fa3e6f755036168e1b65e1006702dd7bbe0b5c3e1ca913b67f77799aa272ecd979e36b1cc6f39cf6581cb1699fd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70186386d062a95703946768dceea5ee
SHA1 be72e7bce72a58b4c2015c21f9fa93c2f27fd6f8
SHA256 cc720417573a7b2e795ad38c8cf235fe802a22c49b9572384380e85b8bce5c70
SHA512 6b269bf314cad2511a25afcab915d4b9e02794b8098524d8249f2e7fe7a057617cd2fefed328f245ca0f3650bfbe03da9aec1c8d6b53bb0c91d5227165cb9f0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e870b4eba40d24310638fac594e3601
SHA1 af5f2cda82359447f5dd83d6b97810e69730bcd1
SHA256 4841c2c24e6f2078133093baaa96841baaf4524a8b8ca9b8e55c28ce4104d67c
SHA512 5f9a2cbaadc8eadd1bd888c2a4c503a21ee2fa3e6f755036168e1b65e1006702dd7bbe0b5c3e1ca913b67f77799aa272ecd979e36b1cc6f39cf6581cb1699fd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a82aed50ab2517c7bca76a164f8a4d0
SHA1 52cb6c1e750a697f145e94444dcb3ed75abddc03
SHA256 f4823b15590114e0b8866a27d748294617c3a0c3355f980efd33269f7eba0515
SHA512 fd5bf6dd9f285bc343802394efce2467920879e7a3809151d93a93d58626f49dfad1bd23ef58298c0e9eae1f6c0387c5b010c8f828bfa8170ce4449ef1a01957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

\??\pipe\LOCAL\crashpad_2808_IMTNBMIIZWCDEWXQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3cdf3eb9c5447e5cd18dd0e855c98f76
SHA1 b159d10b01ffc102b3a5ec3122b006fb7f722cf3
SHA256 8728000d799ea56e61653567fe615e30106b199bba087928b6591d83c0ae8483
SHA512 187c99c6d39a595360f5e0335173431e4048414e2555be0178e1b1a6560c845729a07749f673eb02cdd815e2128e65a515556e6bdb0da91b1acb4e1cd13cf3e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 97b7040ff5c34133b6a11f19ba97f6c0
SHA1 80270839eb51d5e5dd12137e65af73a434433219
SHA256 93e88ace626596c51929e615a80a5093c6613b1a6415080ba90bab8a645b6a5f
SHA512 71a0d6ae4b4cadb4a1d94562fa2a0967ba68875985f753893692af75bc6048a555596ba0cf4de71c2a79392dba4bb131870bb831ff9c104e3e6f8c6dd56d837c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 692583b44f4e15b53881d8b205a7d629
SHA1 ff6f63bfce147363d72785516b7cf5832e258c17
SHA256 3998ec2856994c7f16525243bd3fd5e291bc2e4f079936f2d3933c0332128cfd
SHA512 a825566061eb101df87c3a4edd72d8400003aabe03eed0a3583f4c031f800acfc947119d55b601ccea409fbd2f628b5bb1e4fbb5b33441081b240ff3c8c5c079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59754df54c4708e24a75a1fe3611ac47
SHA1 8c57529477e6656ad980c9ae5fb6119a87004aa9
SHA256 7c3c39f974a5b0d0d7ef0aac147ff79f487858351d9d52944271a427e4f33e6d
SHA512 fa4c9c2a5f30a0546d4ca3964cc2ca130eff890fe61691b0e52a2d22184f95bb3a3d427695bfd33b007f36fc2992bd26e553ea43c64f84dc0fdea4be574ce3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d110f508a8bfa387d65f42630d52546c
SHA1 46194a7f2f2b6d181ad07a5e24961132dffa8fcb
SHA256 0cc895acdc25957d12d31c46c6bd826802af1cf5c4a3f1ed2ffd0a05a9384bd9
SHA512 0e91ba0b19f1b3364c1040e2b071a45c5881733e2ffbeb47a54639e6a6fe2234c5dba2ee6b688e80afcfefad2be534de5a70753c26adca5a84c96c729e216882

memory/8744-540-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8744-560-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8744-570-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8744-558-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be6eb79b18e8a34fc871be6013a1193c
SHA1 227bb9c73d395be634e778249dee80474828346a
SHA256 c76d9752579c8981e5cb9bbd35340c9437f00666b04a8ffbfe3fd2f8676486fd
SHA512 bc8eadbf98ddad7df82aa77bf07d0d486155da814a8d2ab1cfc8e285e4d83edf5e877f1fdaf691634f35bd60a27cc26fb993e770306b12b2710344568ee6a42a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 02e06d372b0ae820b9fd7ad23cdf838e
SHA1 ab834394ef75a5416a41accbda591983d8d7f11c
SHA256 89ab3e31a97c9c17aa2b7cf64191d11c4df61224d4a6d7e8ccc2b7b83b4cf2a1
SHA512 a4a37549834b399a9f58d1b74a423a738749f3411b60d48820101a7e23ba034881ecba0e3c1ed36867981490837c1d70b163803a46e8e8508cfba92518074cd4

memory/8772-839-0x0000000000400000-0x000000000043C000-memory.dmp

memory/8772-850-0x0000000073D50000-0x0000000074500000-memory.dmp

memory/8772-853-0x0000000007C20000-0x00000000081C4000-memory.dmp

memory/8772-854-0x0000000007710000-0x00000000077A2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

memory/8772-896-0x0000000007990000-0x00000000079A0000-memory.dmp

memory/8772-897-0x00000000076A0000-0x00000000076AA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 66932e62c95ce549ed76d56caf3a1140
SHA1 8374359d2b624fbf1c202ed7b669c77ef7cb5ecf
SHA256 029a45d28a8991c6a2378d8ff87f840ccca34c142c7fb8933b635aeffc0607e6
SHA512 94c74ff98fec32a0faf97974302b5c5703406653de3b84ff1f755b6b6974a4c362d5185687a84fbed63a1023af73ab5c3443875a0da5546147070eb94a37fb4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57faea.TMP

MD5 fb4f2a6966e01b83bbd19346c218a280
SHA1 3d932d50f90211009e3d398cc7ad649fdf38fe4e
SHA256 7bea694566e109f8ea229484950f72e275bdc92276dd5cc6caaf5b8d326baa9a
SHA512 05d523e0ba9eff262fd2a91afebb33ba1167f7e11ebeca2c293634f3bd62b925b990ea7e5cc67ca89523e0c9611a9fcf73c96608c3e3cc06fd17ebd7b01c6176

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22adb958986150b6418f71a05140a404
SHA1 9936a2ef2d6833939d7652422d3c772273dbf807
SHA256 5fe33e2c11a78a187e9a8f01d4ab6ec10690405f4a932ad262ff30eed6aa0be3
SHA512 41876d3cf51bc8c06077f17828741704f8a68e85c2391d332ea17634376b801d70745423312aad01f26630bd1ba8df18f40b987964628455a6d4711c16176a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/8772-954-0x00000000087F0000-0x0000000008E08000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/8772-957-0x0000000007AB0000-0x0000000007BBA000-memory.dmp

memory/8772-958-0x0000000007910000-0x0000000007922000-memory.dmp

memory/8772-959-0x00000000079A0000-0x00000000079DC000-memory.dmp

memory/8772-960-0x0000000007940000-0x000000000798C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d639bf9ba1779953fc2a1d903c2a981
SHA1 ad5113fd1fcba6427cff7788e45989c8da849378
SHA256 29b076c8f3d27258ae669cf145bb000bf810bf4a0d371669d04f995a8156879e
SHA512 8daefd5f2ee75a0835087129ff3ebcb5ec7a0ccf6a6589534054084e85b086b1e509319721dc55a210fbaaf362e126f0df35d5ae27af0bd31728c5e6002dfac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ba3.TMP

MD5 9f1fa3a921570a17aff7c59cbbbdc8ca
SHA1 c7f297cf4aa37efcc99def02de1bb13d3837fdc3
SHA256 6ccd61bafbd4dd2ba9e02f7db28b335934f09fcfd42b081e46bbe3f72adaadc2
SHA512 fe1066572404853c704fee50dd0b6a59d5ded875ca1e3d2bdb9412c2e25bbfd4f0534f85c99693d01a5cb386679d848e2870bf01229ef98212107f01cdb8709f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8747c83c-080d-42b4-91d9-015cc4d05892\index-dir\the-real-index~RFe580f7c.TMP

MD5 361c1c9e3124cdd6e5aea24a5e17bca4
SHA1 c69db2ca808ade47a78b75e544601fb482a4ee74
SHA256 e3be154dc8e543e49d34099eca37ac397eae0fd6c82b64b227210133dabe3788
SHA512 3c010e8cdb7e9a2c39ba688d72adccc4acf5cdee6eeca9f3b2c5a5aaa6bbd7381a454a699e4903e48e7b67fef6925a990f3367111d117e215f10759831bc50e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8747c83c-080d-42b4-91d9-015cc4d05892\index-dir\the-real-index

MD5 efc1f77396cf590efee162dabac948ce
SHA1 92ec77e615d0f072a33b8b6611e38fc6c598986c
SHA256 47d89c892b9a59ee640353092cf95e151b5b89a9d553335fd7435dcd36a905f4
SHA512 1b82095c7ad1aebb563cf3268ae4c3e71ffe9fc9404bf27579ed2d1bd2e508a3868db3ef045e48396631c2ccb0a20c51c9340a7df4cea7266518572d82b1627d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 445e635ae3f22b2a2d5797f71bc9b7e4
SHA1 bfb4ab86cba27ab0e43ca180af0aeaae7baaa594
SHA256 2dfbc2ebf87575d0ec403582beeda30f6a0c91fb65188498ce56ecd0037b4da8
SHA512 b3c0232a57da47e4d4ef19198ab47fe3ebeb4dcd678a57428c3113313a2632e3f04f99a05960afe5aed49aac13ef2105394a33320069c4dc5c4ba24b3f467395

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5cc3766f-e715-4dd9-8968-2978a899a136\index-dir\the-real-index

MD5 147ecf8372f1c885eb2e1da610db0dd7
SHA1 b9630a10ca6088ad8b7700fc2e215a9b729e970c
SHA256 ff8865569d66b1a6661cccd266a59f8c1f5f70f175fe2cc520f796882be97876
SHA512 91d25f3e53748778eca8fa1b6db6a5174109969b7b4d8d4b5cad5bab836d9ee33ba10c1e125ea779b8fefece8357f801465bab5eed34a11a54a7d4615b088ba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5cc3766f-e715-4dd9-8968-2978a899a136\index-dir\the-real-index~RFe581e31.TMP

MD5 bdbf1fd42aef05859a16cdf1cc2a7bdb
SHA1 e06b053f158c72d3543164aa0e26d0f566a68ecf
SHA256 4d0ebefadc31e54a58fe099a3ae7d9a1794071ec8885e49ddfc96a7a7f13b558
SHA512 40dad9cbe3c8ff41edeb62972f78ad1b4194e17d0148f2be131afa0387276b0cddeb09015635bc0eab862406070d7714eb1220f10da2a43ad1b447886c14525e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16446738bc53030698cf0a06f6542fe7
SHA1 1233e39fc253480749725dbbcc6b52e6042b6faf
SHA256 1f123ea06a69adfc3ef868bb3c114da49b2f9820dc9916c8f83d52f55961da75
SHA512 8ece75345e06ce5faa748629c5cafaa2f5e547fad6b0d6ce7f708ddf10fe9e00c1b7afbda0d05fb0d8fd85f117ff79e5703f524964ee07d789d375f4abeed909

memory/8772-1146-0x0000000073D50000-0x0000000074500000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bbcbc8a9-e2f4-49eb-806b-fd4d818b052d\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5844e4.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/8772-1314-0x0000000007990000-0x00000000079A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\947f22d2-b160-45b3-8df4-de8e8065b8f2\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\947f22d2-b160-45b3-8df4-de8e8065b8f2\index-dir\the-real-index~RFe58970b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bbcbc8a9-e2f4-49eb-806b-fd4d818b052d\index-dir\the-real-index~RFe591989.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bbcbc8a9-e2f4-49eb-806b-fd4d818b052d\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
