Malware Analysis Report

2024-12-08 01:14

Sample ID 231111-mnwfwsee97
Target NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe
SHA256 7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:37

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:37

Reported

2023-11-11 10:39

Platform

win10v2004-20231025-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AK6QH53.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kB7gX59.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1368 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AK6QH53.exe
PID 2448 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AK6QH53.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kB7gX59.exe
PID 2260 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kB7gX59.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe
PID 2216 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4116 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3824 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4912 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4112 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4116 wrote to memory of 5228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AK6QH53.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AK6QH53.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kB7gX59.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kB7gX59.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3oR174sV.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x88,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2341829996024712983,18053826630051622328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13849267622380279417,3255409407943975079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13849267622380279417,3255409407943975079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18389805278733555993,11760750756295016492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18389805278733555993,11760750756295016492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9543630454671923604,5936646984294447894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9543630454671923604,5936646984294447894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12953566497526211075,5060924849122821227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12953566497526211075,5060924849122821227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e41846f8,0x7ff9e4184708,0x7ff9e4184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2341829996024712983,18053826630051622328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4aN8xZ8.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4aN8xZ8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,3555326199601378499,17557762024486181899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,4846199598802987993,14495925603438406856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Wf60rr.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Wf60rr.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7180 -ip 7180

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6aE706.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6aE706.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12893721744030019405,12444719524588426884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7268 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/7252-535-0x0000000007A50000-0x0000000007A62000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/7252-566-0x0000000008410000-0x000000000844C000-memory.dmp

memory/7252-589-0x0000000008450000-0x000000000849C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b6304ce6f7f9ac181ee857696d1b12ce
SHA1 50f8585cbce5a52ce3a2152ef756cc0ca8e46414
SHA256 76dcc0d47ecb9d8791c48c604a267fc875b01e272de47422ce5c0bfbca91da6a
SHA512 52cc46b8952815c349850d8e76815b41db2893aaa6ffb121f3c8c74d216361f638d9baf9a91ca7d6b4e35fe1f3e1ba542b03db507469fbc005c76ccac891c325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 6858bf6562a1802c45872d00ad6116dd
SHA1 5a16d335c0b2abdadccd6913c77d6991d533997f
SHA256 717c7d1805a4f9d813842ea724fab9ee4a2cf4b9fc19ce377d79a0c72b9bc9f7
SHA512 6aaadef8bd4b8c6267c85f4b190e9599a1227dff9e09ac782049a4d5932afa36fe8b4ae2025f5fc06274afebbb692ef2b03a4d5ec86fcf5520abdf4e5a1ae02f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe583c58.TMP

MD5 43fb71118018e44880f64cee025b7594
SHA1 8131032a6824df83300ab4c6055d85533856c640
SHA256 3ac2cb6fc7754e81b94884274c47f602be29bd3f78fd8b93a7095c14d6f8be43
SHA512 e6d3ae7807f1d387e4aded03b2d87a1909ad2651d23244df1d5292e415afedd54cc76a02527b3051477dda8dedd26d74e68648e1d2467b86380cbb21cf0c0d01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1fb2664a-053c-400c-84d6-7219dfda040d\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 46ef98b97776116a43357ebb7c1df4a4
SHA1 0a4daf295a366186b39d07277535280ce79aa898
SHA256 415159cd0a78610680d3c81dde068dc7af5f999d146c0493b163f5d871ab2ffc
SHA512 20bd10148548dba43c8a0fabf7f28eb3a5dc77c0d4ad3bcf94a1818846d8cb1ab52d22ae3cbe29aad7ddc95b806aa85078d8fa8de163ae3f15ba193c26dbd36c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 433f7b165004c1385bd1d8d8419e8daa
SHA1 2bbe3848f228516ab84c0fd9009fe9d076164398
SHA256 b0c0a66f5d0d3b4263bc882e8131788e413bb2810a75417f4615eef6194443ed
SHA512 9d6e550d876f2f070add25fe011ccea2fe11ca60012bfe8de8cb9b79bfecbd0412cf81beb187d4f0794db47c0c996581c25439b61b2944f90d859848910a7fab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 25127a94cf24915900a98b8f521d0d0a
SHA1 94b9d5fe4f92ca8b04ef744397fdd2d6fcdd523e
SHA256 77a0287d4c1eeba2ae946cecdf6ec6b2197221196c91c5347ab4c0e0e2b1f598
SHA512 3bfc2fe161afa3cecf63ed0159aebc37805a2e06a74a0a9dd9fe4c1a2e4fbff730df328d95a29e4887df2341f6e5d83fff43d706b0c7ec85b06b054bf852cf4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc02962e0d3f590de5481550b51d7bb0
SHA1 a649b4972c15a402b96c405241b9913d95913e66
SHA256 15dd6b79b5b4d1ab91bb07802757e864bdad04eeba9bf30e75df0fd4ca2f017f
SHA512 53cb4cebed895d8c429de93282d01853a4a984faee578a1ff894fa97064f443cabdeb2410fff2b09374e6eea37edb14c8a5737dad514f3e99cebd0a307a64438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac36e4263542e8e2b219650319fea825
SHA1 a953d867fc403c7eb590a9974b2a575a4ebb1492
SHA256 2f2e61f9525e44bac669ff02190e611f42d6f4b6594136c7365c5a3b7f55d22f
SHA512 45953e66e36718378e45918350315b1b956df19841d6459eb070f860a31649fba73f41b215f500f928ffc500023856ba6f1fca9a747349e8b3537550026b3b3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 352c1f0a57cae48b2472a20a6c381ce6
SHA1 2beb10ff16bc6d3b0a117e67025c864b291e9ede
SHA256 5a285bb968547f7a5d09edb77cb6be605183b643728adda3b26dac7143bac471
SHA512 7d5549bee190fd46fd33e251f125a18b214b21217ecc41769cfbbc5de83016ad15ee48147adc90ab829356dec8eca2cf36daf465a3f97501058a53f4e16578c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f0b1f339e812b78424072f99ad50705
SHA1 628bd83b57f7cb48a1e0d385b51c991567bb29aa
SHA256 101674e3ab03a2793de74949b1760198ff0b63cd6763b9e185500ac007b4469b
SHA512 29ea80082cdeb4ea63b9a959419aeab6245d42e66ca13d5ffa47e0cf3a6fefe02f79b6a55689caa52d7c85f1dce34b09fe125fa310d2dcb639736417422370d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\6c74567e-9b79-4407-b0d0-3400c034d0e8\index-dir\the-real-index

MD5 637f7ff01943a878c7569909888b82d1
SHA1 075794d20d990dc725c1948a6614ca64c857c63d
SHA256 b29699defdbf4bc3b9c82bb960900c925d04b8bb732faad14244b0457adbde9d
SHA512 a8f9a51497950ecfd5b2040490fe74dbfb931928f9fb286e18444d3d284e6e529df26f11285179454d3b83039cfccb02e33c8e7b4a5ac0d7b8504f9954236aa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\6c74567e-9b79-4407-b0d0-3400c034d0e8\index-dir\the-real-index~RFe5891ea.TMP

MD5 e72a6a9388176b889ff41f92ee4ddec3
SHA1 e686cd415e048480fa8042cd3233de13549020b8
SHA256 ce4906c975b070e7d29a3e3d06057dec0ddeeadce2265b3f15e4b2c94fab0c74
SHA512 61eb8ae5b69b17f451073f8ff290d04f09da6c8ef7160097ba0ac6b5d7de0cfdd8036c082ac55539fa5a7c30974f27243626f7edc055b3351b2877d2280fa146

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6171372db2bb653a06c5b8b22640d6c0
SHA1 24b1def52d7e6b5a7d8193c7654c6bbf93776ac0
SHA256 891377a0c8f83013e5460f71ab488e2d6d85a7beaf77d6aceb243675f93a23ca
SHA512 a53014c0bf20cf4b3f28b4282a44fb61e58da7f86ba88965f48a5416a13b9f2af67257bc864f593a8f6c6af7aee8d09b83f7e3054f006afa5c20b41b6999474b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58be4a.TMP

MD5 640f9111295b40a55f25b9c64b5d373a
SHA1 625f44e5dbe0f4d6c8b0912e9eba8315a52d2973
SHA256 cfcab4ba39a9fcf72a155fca39e20be1cd0dbe46171a45358b795c2a406cc919
SHA512 99f2d8886d56db50c52bae86eb88018c4c81cf67ef73c9e4ee37ea9c221e9c7296192812d470b3dfef3e11fdfcd21d609d7c73186e51ff4bd0af63464f00312b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\15407d4b-9561-41ca-a50f-666edc4573e8\index-dir\the-real-index~RFe58c994.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\15407d4b-9561-41ca-a50f-666edc4573e8\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
