Malware Analysis Report

2024-12-08 01:00

Sample ID 231111-mpdbpsdf9w
Target NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
SHA256 8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Analysis Overview

score
10/10

SHA256

8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc

Threat Level: Known bad

The file NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:38

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:38

Reported

2023-11-11 10:40

Platform

win10v2004-20231023-en

Max time kernel

159s

Max time network

167s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4068 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe
PID 4244 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe
PID 4820 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3624 wrote to memory of 3828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3972 wrote to memory of 2596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1172 wrote to memory of 1444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 3220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4140 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 832 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4636 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1580 wrote to memory of 2332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 5172 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5172 wrote to memory of 5292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 832 wrote to memory of 5568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3615475143181714139,5649763009116004179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9238734824751488156,16638661204748341666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16393065724539966322,8634219685957595418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16393065724539966322,8634219685957595418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4LV8Wh1.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4LV8Wh1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14557446308814691382,18204119466754191212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14557446308814691382,18204119466754191212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9238734824751488156,16638661204748341666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3615475143181714139,5649763009116004179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7596200180497908048,2436110205779917421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7596200180497908048,2436110205779917421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2851896584115872219,12306922376092371961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2851896584115872219,12306922376092371961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffeca2e46f8,0x7ffeca2e4708,0x7ffeca2e4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10877349476913198694,16902335143135432078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10877349476913198694,16902335143135432078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2766590076342402838,4541338263560360489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sY30Ng.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sY30Ng.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9172 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x438 0x4f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10876738652863170600,15574053855962353365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iY1FW15.exe


C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3TB215ve.exe


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_3792_AKASEQGARQOCUFRY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3624_ODHYRUHPIFFBHBTR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4140_FHVXSIFXCPROHIBZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_832_KDKPWCFKDVPJVATQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4468_KXKUZAPYZNEOUMSV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4636_FYPCBTEPTSNYALUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4LV8Wh1.exe

MD5 3acea52ff0fa2271a5ad83b11be96562
SHA1 3875fe351714c2909df83bb5d75959a3c6788bbe
SHA256 2587f061e56f2e328686b5bb7ee061ec67874b86da21b6a2886f59da3132c564
SHA512 7787809ad7cdf3bc34f086dcaebf348daa851c5560fd597a06881df34381a347ca7f1eaa539e1b9743df7881eb04e7d1ec3dbe5660acb25c3c5aad8e8c811eff

\??\pipe\LOCAL\crashpad_3972_KBVAXFJEPTWNXIWK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e9b6e506f608a527cf851a01355548b
SHA1 ee6a6d4a5897cbddc2d8e79c1b6fb2d6b4355d3d
SHA256 9f54351a874d8b6c5ea6d5e0724f752dea5770656b1763a19db00278c6fa9663
SHA512 84c2763810c288a1214a2011aaba0324d16057c22f41ba5d9f32ec78f7dd908f3fcf55423c63e30f50a4efcb333b290e78d2b324a4fe3a45e74a0771865598f8

\??\pipe\LOCAL\crashpad_1172_GWLYRLSHUWMJUUXX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\40ae1233-6a10-4a81-b6bf-14907deb057c.tmp

MD5 630ce0bc9e15c7ac3e350b057e20e7b0
SHA1 86db971ac27f3217636a25448327cf42c13ae0c5
SHA256 4d3fe86e19d0e278a6fce4387bb66ddfa152e5d28188eeecaa8e414bd9d22892
SHA512 8106107ae219ecbc31435be21a2ba09a1d1e3ee09f9942e2206385892479715eab4df366ff94febaa5ab14296980428a2fe96d1bd39377f368e980ca023dfdb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3f6cdaa516c2d6af6012a584ecbb4f7
SHA1 b03aaf585e284908904904610ca48a753196b450
SHA256 453456a35a25d0eb423099f2f04b45286fb6b21aeba82e60aca19e27be12426e
SHA512 60ff27ad7e06828068984d2c38d91c9ce833c020defac129f97f6d92691b1c860414ec6b6ed0e272ec690800048242cfe2dfa2d803379890efca50c0a6053d41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b89b9142-d78f-4b10-be43-a72b3a3e221b.tmp

MD5 1b325c2c2badf2ccd11dfcfddabe60eb
SHA1 0e8761eba1864543afcdac109c30fbfe91130d49
SHA256 644b18ec8858f29434bf9fcbb58838105c40f06da7f01371e4299ab5da57d3e4
SHA512 f98e6f1c878e31171450c418ae93a2ff01e0722b9dd2253fdb49eea7bce98376d719be07f09cd151aed771e150d797328cf7340204683cb4f844be3e3d0270bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8146809801dd741c60061051907ee5a
SHA1 0e40b33986a6955e9c3c2769d82be28ef01ba538
SHA256 1954099968b5134a1d17d5e0a35541d44aa7fee1f4444548a56da3ca8ed0f57c
SHA512 920419942dc3194cb231e9d87c4457d7d0fb67718971f19a69dba1d6880b531980e975b8acaeb3fc95b9f466c9039a3c260da339efd93eadb52943923d3c8aef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\aa294e55-c8b2-4ac9-9026-616e262c2fec.tmp

MD5 d30914c45940d7c078f2a40d22059d5d
SHA1 12b002190057913c7a265004149f32d8284d9e3f
SHA256 e12dc99d159595baad01fc34695b4067e45c873648ebac8b6c829e65f139bfb4
SHA512 c11e9db79c0cbd7ca392abfef49ba5e81e1be5a966d15cf41c4f6d10d4d5660f8490dc77016b55c23e6c506c9d37235ee659ffb3c4f5a212bde9d1afe4e657c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 630ce0bc9e15c7ac3e350b057e20e7b0
SHA1 86db971ac27f3217636a25448327cf42c13ae0c5
SHA256 4d3fe86e19d0e278a6fce4387bb66ddfa152e5d28188eeecaa8e414bd9d22892
SHA512 8106107ae219ecbc31435be21a2ba09a1d1e3ee09f9942e2206385892479715eab4df366ff94febaa5ab14296980428a2fe96d1bd39377f368e980ca023dfdb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b325c2c2badf2ccd11dfcfddabe60eb
SHA1 0e8761eba1864543afcdac109c30fbfe91130d49
SHA256 644b18ec8858f29434bf9fcbb58838105c40f06da7f01371e4299ab5da57d3e4
SHA512 f98e6f1c878e31171450c418ae93a2ff01e0722b9dd2253fdb49eea7bce98376d719be07f09cd151aed771e150d797328cf7340204683cb4f844be3e3d0270bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84e738ce3c1181307600eb7bea7d5a03
SHA1 c5b87c77b142a4b3bbbe2c48ed1ed076607005ea
SHA256 e46a6c311573d97cde2bc367fd01302efaa162213bf32c345e65739fc9b65fc8
SHA512 f4c1d449a1ae31a949a45d052fcddc6d5d3acaca6ec0beb5c4d61bfe590e43ebc512392fa39abcaaf7c5bb7c8da0ff092ad5d77078f24481c3c441dd50b54238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a5c3cb435432364d82b4421eae7a041b
SHA1 b563d6ac259ff03dc56211dde756cccef24ee573
SHA256 bd7692fc8f97e02a9a97abd1573f4cfc1be607d92f8b4d9a1781cdb02f3308f5
SHA512 0f4a058a9afeb86558f987c9c12105307a9989783d710ae0bbcec4ff804a8722845d5b6e074bf3a812f03e3e64e232b782534d714be310e6c1eb6e6a2a55bc8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d30914c45940d7c078f2a40d22059d5d
SHA1 12b002190057913c7a265004149f32d8284d9e3f
SHA256 e12dc99d159595baad01fc34695b4067e45c873648ebac8b6c829e65f139bfb4
SHA512 c11e9db79c0cbd7ca392abfef49ba5e81e1be5a966d15cf41c4f6d10d4d5660f8490dc77016b55c23e6c506c9d37235ee659ffb3c4f5a212bde9d1afe4e657c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba4f286119c45f91665df773061083b6
SHA1 803fe14ea311d583fb820df640cf71b7b0e183dd
SHA256 d5871b93b62b9c094f00a7a47c09fa4b0e7bd3adc9b08bec5e8b0518f45b2cb5
SHA512 d4a527f704157b195940ca7e6218bbb76d459c2bce007d3941e16b52ad0aa02b2400e750f2deb93544d99f8bd65dab331071584415aa1e5c9a0c815a2dee0583

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 48db5c2fee089d29da51febe1f6b4f81
SHA1 6a9ceb160a5dfd2372dee5611ad37864f31bca1c
SHA256 10cada92e2ad5d1252638605b35dd04816ede12d46bd8fa52818958d9cc56fc0
SHA512 fa94871d4993118d5ed2847d1ed6ffb413c8d47140290255a6a54cf55a1b60ef928f0d3704353b7c14ec287f217f5e2a4294d21774e35a0aebc4ed5913a91458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f24f6ca6490c9ac621dad482e3b6571c
SHA1 917caf1a92c6fa4489865b5f813da04324626109
SHA256 4755cfcbecc51f6bf0abfa13e6f0890a4eca39946e56205b9cec820ee7f43f31
SHA512 57a4065b6dfa895cb51d07390ed4d7223c6843a17436dcbc3361b4485f2f6441d22f08935eff1461aed4d7d228d7a62d60873def93b269e81d63b3266f0e666a

memory/7424-448-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7424-453-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7424-454-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7424-456-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0b8abe9b2d273da395ec7c5c0f376f32
SHA1 d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b411d64e250cef317a84a3988da3c9dc
SHA1 9b87f29248812f37d5bf5760df8301b9d9dc431b
SHA256 e7f09a52a3e83500e2b05ab10342c7fdb1a1153fc32daa5e0291807d35ef8301
SHA512 26989a9306102eca640d77ffcaa9767e92b9984e3bdaa40ccf7f1ef54a9b02648317f423e448dea70a9dc7c53f73210179dcf2eada7a6483f25636abd8c0d3ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/6828-536-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5d03d4434c33962f926befd793c047f
SHA1 7fd7b0d333ac2bbe330d9f9a68b5fb64b5fc1d97
SHA256 458509b1b299c773fd3d7b3ab88b4c064bdbeaefc2e938e164c5d3d8581a943a
SHA512 f1ae04a3ff40c90e26f5d79d8a600710e7a594ad6750570933dcf419aac1571c98e87e661d87a6ad81db91cc53a19ce2635d5ce893c4f65b286f461e30ee0b9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588623.TMP

MD5 8a33e9361560b85755725aec60a8e131
SHA1 f730b23dacb831af3bce757baefeb8f573f4a190
SHA256 48906f432533524a0e6779f9c48246d2b3ef4db0446e997d1d1c0bd9ac17955c
SHA512 516e1e3e3b41753f7ec1ec06aa5e59b78afd2e88732beb21ac2cfd318550b903a2ebdf45032f84ccbee67a2da3b6f8d93217df683a3dd97e349cd5fb1b84e69a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e5ee3b362dcd3cb703bd72953190c219
SHA1 a6570396c3eefed64d54836b404b2a7d4e04949f
SHA256 01c3a50c872c6450558d27de5299fab96809184047b4b9e01b3ebc792779b8a1
SHA512 6add2525c4eb01d5d4c6d5b6fe9b2175e7d2d462fe59154c7383cc8200fd2e86baabebe291b6cfad608747caeb722eae2510242c264f662ea85666e7746ef273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cb48957d4915f580e3d11055db56a45a
SHA1 bd16ad9c12a8b6c3f60c209ff011ec3d6f406224
SHA256 6149767c32ffee98258a03864bdc4d5af3cb827935da599557d3f67148464e38
SHA512 67f5f50b5a5f46a6286ac67663d0111e81440b68e67c6ed78449e37d8a040440069ab37fbd2e57e64640035efa9923b79b6f9342a068a1b1187e411377dd9196

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7a09a2808de9fdc86610fe350787dd06
SHA1 b5ec4b4d0fa727f6f54d3eea4379142bddf7fbfa
SHA256 329ff521b049e650defe6070828d597e5f4238082399a730f804ba869b4539fa
SHA512 1c2e8822452444cde686f236323e516e894994847ef2b7d200623a54636816f392aadd4765fedd4e19b43e1f723e02350d1540f4bd98866b22ec9259b154e987

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/6828-706-0x0000000073980000-0x0000000074130000-memory.dmp

memory/6828-707-0x00000000077C0000-0x0000000007D64000-memory.dmp

memory/6828-708-0x0000000007210000-0x00000000072A2000-memory.dmp

memory/6828-709-0x0000000004D10000-0x0000000004D20000-memory.dmp

memory/6828-710-0x00000000072C0000-0x00000000072CA000-memory.dmp

memory/6828-711-0x0000000008390000-0x00000000089A8000-memory.dmp

memory/6828-712-0x00000000075A0000-0x00000000076AA000-memory.dmp

memory/6828-713-0x0000000007490000-0x00000000074A2000-memory.dmp

memory/6828-714-0x00000000074F0000-0x000000000752C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41ad94c06e73cb348451a65cda3432f9
SHA1 b5f60fd9c3835ea4926c6aac94b2199a762c64fe
SHA256 24da746082563b7251797954c6839080705451c9fb572d4dc741a1967472fa04
SHA512 947af6bca08d9b5ff662d79d07b8c0e7c1833fe583697165afad9fb53ef776fc964ca28f21612bf7c5b359250858c44981c02732fd4a344127e8b407bb4eb5a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f181b4290617fbb8cdb91bd9621ba574
SHA1 1e4f9ac01872655997006f9dcfa40a75cc222181
SHA256 d2f54b56672b026b2bb413d4c42786e96fa78db16ceaba693b554a85fa66bbb6
SHA512 f0c97ec031623dd8565c93b2452b75210888bd707306e3d9894c93946ddcb28928980cd0a204c9a47c956d4e7cb90ae96098391fbaaa4b3d827f2e86b18efaa3

memory/6828-805-0x0000000007530000-0x000000000757C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ce4e9889f8427b92290eda37b57eced
SHA1 dc08f3cc13297c9421b6504ad117ab44225ac152
SHA256 92f60367da09cfcd1e695e6dbfe1a0519d96cc85a965a8e4fb403e3b49fecf7e
SHA512 d1f8393cc16c6ef2f316ff89d294cee045a8d0150fa9453dac0b3be6153b3419e699cacac9a8822ecd4e1a74cc0181449b84441ccd6462c8bacaed48134a092b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5bb7247331e0934166a7867da98b1f4
SHA1 8a8573ccee583e1670ff41d6a31ec447280a0d63
SHA256 351326ba28b12a5367964bb045a5e7d7f200fc2d5b6b902e317254e2e12a945a
SHA512 c38fb0809e3b8ae8c0432bcb0baf5b8d1a209daf141e6bd61ba74a75a528cffab1673a872950c63313def2358e91bc034e88c2ecae61590889a755291fdfcb6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\4b0e9d1f-ff32-4ed5-a1c5-e348463d588f\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 7469d18faaf1fb908c0d8d26c37765bb
SHA1 2ea66e9d33517e1485f751b3c4dab54facf2ad50
SHA256 ddc27c24aae06f700221e32421c814fb12ee1ca3df6dd130962df8088a7a57c8
SHA512 99fe067d143de0a6d99d5fd7ce7916d669307b1ff80c9d2589837a9c99616681687caf7d03d6238bb6fd8d1cde83dd99f7d929a083ba864d9bb1a632ca1d04a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe59261c.TMP

MD5 51dea6bf2c771602cb9d34d5eaf41a93
SHA1 777bac60794ef16b3c572415e0d08721ce1c93fd
SHA256 bbeedb33885fc9ded0a85765aace25d0d4930a7e2af7f8e005b9ce484a234960
SHA512 600e0eb57d5e51783c6665f54f98e28891cc03beb0d38f5428ca1d8827a624adfdc6109713863e1949396ad607de993c1f1519faab2197841d47a7cab3c20e03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 275e475bc10fa80f019edf8cfa0d1032
SHA1 a441e046a1c80bb904e90281112d9d1c70e01dae
SHA256 445a057d7197d77d876b222e3b80c42aebedeedfada3e3265c3cc5fe26735304
SHA512 94158dbfec7b53ed843a650e94ec77d47bef615768834df608c5b342ffac4d36db70e28eca932c7a69c3dab471bff9a35474a727c458fbb266d32d08da15d4ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9cd9bf583847136f86e0b6cb547fcf0
SHA1 5dea7e3b8aa4ecf22eeafbe8fd87a03db6dafdd1
SHA256 0b0572827de96d5a8e2d02717ed41b195c94b7a22083807e99cabbebdb1b06fa
SHA512 12a1506457e8c732571a9055531fb372326b11f74511659e0afb34c9b9dbea7434d3dd920258f150bd9372fa7074ca07e3fc0bb4c450065686ecb5c3c2e8381f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 13ce1de53fedba5723326965ed99bbc6
SHA1 e840bafd63cc3eb6d616ebadd36ee1fca31b057f
SHA256 e42079a16b0459db9eb20b523b0e2a2f5efcafac872ca863ccf2e48ba9d05d09
SHA512 23ed20fb5310b157d1102195391ecc1cae88bf1c395154200569725ece91e489d6523ff8963adedce2ac9e8eec9ac1bcc6ecfb1d50cae7ff5a082f6a8dba86ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/6828-1135-0x0000000073980000-0x0000000074130000-memory.dmp

memory/6828-1144-0x0000000004D10000-0x0000000004D20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7285473e-c079-489e-881c-adf706fa44c2\index-dir\the-real-index~RFe59408a.TMP

MD5 bb8a90cf2e0bb82865eb707d1ddb958e
SHA1 577e5e2d61a5f332afc458efc38e42ab6d438d69
SHA256 dd69087ae07fc20458a3ba37edb48a572f3a765769258fb18e037badbaaf64ea
SHA512 c6fc421d0a8c19ba5a6cd7c753a2f6e2399b8d72098a06297d2c44228859db1b81be0896c44931241b9bcbd26bbc03baa8f4411368e31b7036fa5b397524d621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7285473e-c079-489e-881c-adf706fa44c2\index-dir\the-real-index

MD5 131c20a1e75460ac7cb27574d88304f2
SHA1 39e90752df3268693ced05f567e6e2ee22a7f011
SHA256 d7cb42e8d2e71a4287ee99a1e39f7cb3e0c78624a109977d4cda9657c9a52e59
SHA512 04ef5df36caa2e725363c40f12d308ad98143465d119840c474068fc7b95ff9503ed1c6c97fefc83a3009ae52d6f6c27342d68477d29ec58a6d292ce0f469e3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d4420fe3dd6e361b31470c1de1a6477
SHA1 0482ff78d1bb2cf00499bbf2a872e8c50b7a008a
SHA256 790e08e1ee418ea69f5953811671077f302ec4558134d03b67fb78397fea6caf
SHA512 828076a426f77ecee17fc93026919893b1cd43afd8f9d778a71731fa2c7d9b84f6a9bc1afca065eb638d8af909e30dcd5819b810fd58c04824f8e2c65e0c27e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595ed0.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cef34eb-8717-4f72-9bb5-51d4589d061d\index-dir\the-real-index~RFe598dfe.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cef34eb-8717-4f72-9bb5-51d4589d061d\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f7b9e0e4-b2d7-4eb0-85f1-c72ba48be743\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f7b9e0e4-b2d7-4eb0-85f1-c72ba48be743\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
