Malware Analysis Report

2024-12-08 01:25

Sample ID 231111-mwxc6aeg43
Target NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe
SHA256 237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3

Threat Level: Known bad

The file NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:49

Reported

2023-11-11 10:52

Platform

win10v2004-20231020-en

Max time kernel

147s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3620 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe
PID 3620 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe
PID 3620 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe
PID 3216 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe
PID 3216 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe
PID 3216 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe
PID 5064 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2692 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2692 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2360 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2360 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2928 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2928 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 728 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 728 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4632 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4632 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 388 wrote to memory of 4248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 388 wrote to memory of 4248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 5168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x84,0x170,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1476,11445835236903100329,16252658735904654546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14329589371569253980,15864433670706602296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14329589371569253980,15864433670706602296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13071507033565311580,13966648533755459942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1476,11445835236903100329,16252658735904654546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,9280276684298489022,5893882411559387558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,208439729607109759,7252970704651438849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,208439729607109759,7252970704651438849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9280276684298489022,5893882411559387558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13071507033565311580,13966648533755459942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9684946f8,0x7ff968494708,0x7ff968494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17694725866520649994,2814909074555362407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7536 -ip 7536

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14729840886046400168,13439748535195185407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.paypal.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 34.233.198.216:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 216.198.233.34.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.244.42.69:443 t.co tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 88.221.25.169:80 apps.identrust.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 c.paypal.com udp
NL 142.251.36.14:443 play.google.com tcp
US 157.240.5.35:443 fbcdn.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-ntqe6nes.googlevideo.com udp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 8.8.8.8:53 c6.paypal.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 151.101.1.35:443 c6.paypal.com tcp
NL 142.251.39.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 6.152.125.74.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.6:443 rr1---sn-ntqe6nes.googlevideo.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 52.111.227.11:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
RU 5.42.92.51:19057 tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe

MD5 e9b6e852e80119eb84b6df92fa0dec83
SHA1 c418fc61b9a90480f8d2356ed5199e67a5a7828b
SHA256 3c68fb2a0ddebaf0c3045ea11d88ccac9fe3f1b7c316e6dfe8d142bd4ac3adc9
SHA512 22232f8093d459a732a06e502c38dbb9046ba537ab8d994950bcd6d6be2783dc2641324c460bc7d30d0838c9d7cec267bd12a6b9675f4e4efa9ac123041b3f26

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe

MD5 e9b6e852e80119eb84b6df92fa0dec83
SHA1 c418fc61b9a90480f8d2356ed5199e67a5a7828b
SHA256 3c68fb2a0ddebaf0c3045ea11d88ccac9fe3f1b7c316e6dfe8d142bd4ac3adc9
SHA512 22232f8093d459a732a06e502c38dbb9046ba537ab8d994950bcd6d6be2783dc2641324c460bc7d30d0838c9d7cec267bd12a6b9675f4e4efa9ac123041b3f26

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe

MD5 62e50d22351188622c5062e5e09bb633
SHA1 544bfc9456f2efd8195d39e7ad1f94eb7150ac85
SHA256 685d694359c986249bcb00f253a0bf842872b681a0f8853e0f4a6db53627dfa1
SHA512 4508e068249ce953de14f4718c359442b4647fd5ac730a536479002a9afcd24d2c15d13538c2e368040439df8df415f1845ad1d024c1d895b8d4be149ddf5315

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe

MD5 62e50d22351188622c5062e5e09bb633
SHA1 544bfc9456f2efd8195d39e7ad1f94eb7150ac85
SHA256 685d694359c986249bcb00f253a0bf842872b681a0f8853e0f4a6db53627dfa1
SHA512 4508e068249ce953de14f4718c359442b4647fd5ac730a536479002a9afcd24d2c15d13538c2e368040439df8df415f1845ad1d024c1d895b8d4be149ddf5315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 777424efaa0b7dc4020fed63a05319cf
SHA1 f4ff37d51b7dd7a46606762c1531644b8fbc99c7
SHA256 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5
SHA512 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_728_MPEBFSIJIUFWSIEG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_1128_QAVRFPVZPVTXODAC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2360_WKWWHNTBFHZBWSVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2928_JNWBXWEMNUMBFIKL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f47f476453986cad0741203b5d22330c
SHA1 c4392781f48b93b175c1fb416670a5dfac26bcb2
SHA256 f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48
SHA512 aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ded3e5f590601e4bcf227c9d4874920
SHA1 d339cd839ddac257dc3471264d7285621acefd36
SHA256 c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618
SHA512 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\574382b2-dd48-40eb-97ac-aec41e0f260a.tmp

MD5 e7e85caa8dd08dea6fc02edd239007fe
SHA1 0617eaae7c97f66c47b540c96f45c21e246ddb3d
SHA256 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d
SHA512 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d5da19c8ed577319f66d13d875740c7
SHA1 297ff5df4255c54db9149595e89dc88e0f27b9d1
SHA256 d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f
SHA512 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f47f476453986cad0741203b5d22330c
SHA1 c4392781f48b93b175c1fb416670a5dfac26bcb2
SHA256 f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48
SHA512 aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d5da19c8ed577319f66d13d875740c7
SHA1 297ff5df4255c54db9149595e89dc88e0f27b9d1
SHA256 d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f
SHA512 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2692_TFTRPRXNCFNWFGEF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4632_WUHCYNWNZMCEMQSE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5ae5ddaedd95be66fc696e2b174029a4
SHA1 a04dbf5300311167e3b2559c07f54d2518133700
SHA256 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07
SHA512 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7b89866d973468b67245416f91b020b5
SHA1 dbcd996eef6409ef19c6e9662eb35d24e0a2d578
SHA256 fd64a9bcab0e3ea1ae01a8d0bef0516721c324cca672a5c1dbbc5d5fc3e7df21
SHA512 2b1d27b26266b67bfba089551cb89059f087eb9928d3dd67cfa1f9d51aefb09355f5dcf93684cd3d829e9640c1e4b8636b8e33a0fadc79593ab700c1d9908cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7e85caa8dd08dea6fc02edd239007fe
SHA1 0617eaae7c97f66c47b540c96f45c21e246ddb3d
SHA256 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d
SHA512 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe

MD5 679892e938487fe8fc0e653f8feefe9f
SHA1 30a77ff687fe961a88d3a29da0c241fc5557b910
SHA256 2e15631b38fd951b349a186834f7fa300312504459a067f2656cd69aae1d39c6
SHA512 daf7c0a1c7a91d0ce957b7eedd23d176f814abf954da0f5f1911dfa3b202d905f7b444f191976e54a9d6a09ba83bdf9131ad7e9cb65f0b185c3b2b12dd5db4e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5ae5ddaedd95be66fc696e2b174029a4
SHA1 a04dbf5300311167e3b2559c07f54d2518133700
SHA256 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07
SHA512 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe

MD5 679892e938487fe8fc0e653f8feefe9f
SHA1 30a77ff687fe961a88d3a29da0c241fc5557b910
SHA256 2e15631b38fd951b349a186834f7fa300312504459a067f2656cd69aae1d39c6
SHA512 daf7c0a1c7a91d0ce957b7eedd23d176f814abf954da0f5f1911dfa3b202d905f7b444f191976e54a9d6a09ba83bdf9131ad7e9cb65f0b185c3b2b12dd5db4e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ded3e5f590601e4bcf227c9d4874920
SHA1 d339cd839ddac257dc3471264d7285621acefd36
SHA256 c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618
SHA512 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7b89866d973468b67245416f91b020b5
SHA1 dbcd996eef6409ef19c6e9662eb35d24e0a2d578
SHA256 fd64a9bcab0e3ea1ae01a8d0bef0516721c324cca672a5c1dbbc5d5fc3e7df21
SHA512 2b1d27b26266b67bfba089551cb89059f087eb9928d3dd67cfa1f9d51aefb09355f5dcf93684cd3d829e9640c1e4b8636b8e33a0fadc79593ab700c1d9908cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f47f476453986cad0741203b5d22330c
SHA1 c4392781f48b93b175c1fb416670a5dfac26bcb2
SHA256 f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48
SHA512 aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d5da19c8ed577319f66d13d875740c7
SHA1 297ff5df4255c54db9149595e89dc88e0f27b9d1
SHA256 d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f
SHA512 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7e85caa8dd08dea6fc02edd239007fe
SHA1 0617eaae7c97f66c47b540c96f45c21e246ddb3d
SHA256 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d
SHA512 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ded3e5f590601e4bcf227c9d4874920
SHA1 d339cd839ddac257dc3471264d7285621acefd36
SHA256 c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618
SHA512 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc0d173deefd4c3a15a5cf80946e4203
SHA1 a7c4371156d397cd96681823ceaa842083217435
SHA256 b91c2960c7fd70bb3df3a844ab98555d1228b3d152fef80bf3302f883e8d3379
SHA512 69854891f5de3d8337c3378b647e0084aaeb6e639f944c0609bd7c891e245b4d72210749c7bca5fd6cc72179c7dae660d590044e7b21e5a62e1997f7b5607088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5ae5ddaedd95be66fc696e2b174029a4
SHA1 a04dbf5300311167e3b2559c07f54d2518133700
SHA256 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07
SHA512 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883

memory/7536-219-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7536-224-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7536-225-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7536-227-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe

MD5 4b52eab7bee53739a21fb35118af29c1
SHA1 473827393a65e152c0f4001421a030d8855b7e38
SHA256 ec94abcd1ba6b77eaf794fa403abe976c125d3ce5cd8c16d688c7ca220d6ba85
SHA512 2f4963dc16cdc97df041fccc99acf9b2557c461c38845c827baf46c76eb1a4fc54ce7c2fafd4ba69322b0888914039e32c7307a9bacf125909ee72468f75a459

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe

MD5 4b52eab7bee53739a21fb35118af29c1
SHA1 473827393a65e152c0f4001421a030d8855b7e38
SHA256 ec94abcd1ba6b77eaf794fa403abe976c125d3ce5cd8c16d688c7ca220d6ba85
SHA512 2f4963dc16cdc97df041fccc99acf9b2557c461c38845c827baf46c76eb1a4fc54ce7c2fafd4ba69322b0888914039e32c7307a9bacf125909ee72468f75a459

memory/7932-250-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7932-253-0x0000000073CF0000-0x00000000744A0000-memory.dmp

memory/7932-254-0x0000000007B30000-0x00000000080D4000-memory.dmp

memory/7932-255-0x0000000007620000-0x00000000076B2000-memory.dmp

memory/7932-256-0x0000000007780000-0x0000000007790000-memory.dmp

memory/7932-260-0x00000000076E0000-0x00000000076EA000-memory.dmp

memory/7932-289-0x0000000008700000-0x0000000008D18000-memory.dmp

memory/7932-290-0x00000000080E0000-0x00000000081EA000-memory.dmp

memory/7932-291-0x00000000078B0000-0x00000000078C2000-memory.dmp

memory/7932-292-0x0000000007940000-0x000000000797C000-memory.dmp

memory/7932-308-0x00000000078E0000-0x000000000792C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7b89866d973468b67245416f91b020b5
SHA1 dbcd996eef6409ef19c6e9662eb35d24e0a2d578
SHA256 fd64a9bcab0e3ea1ae01a8d0bef0516721c324cca672a5c1dbbc5d5fc3e7df21
SHA512 2b1d27b26266b67bfba089551cb89059f087eb9928d3dd67cfa1f9d51aefb09355f5dcf93684cd3d829e9640c1e4b8636b8e33a0fadc79593ab700c1d9908cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39ae49269f0e5507ace45b2cb87f74cd
SHA1 0c8c45ab84fc2028770e5bdebe032011915d3121
SHA256 de1643c12514e3c1ccb4ac0ab4b4c58b59286d02faa9aff42899cf60f32263e5
SHA512 4746704ea319d95145195f606371e3289e482a211a9b2a98d66f7890fc32853bf09fea519a7a0ba2fd584dcd4a70c646c3c16ad3d6384bd237e29b675b7a2446

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fdc67f4e4ba80740c2003576ce611bde
SHA1 dc3c2111e763bbcd1194c46877d6d9cbd70d1e85
SHA256 d32970a0a8412ad842ef73e9b8a8d3c0023aaade27c8cb57fe1d6a320992b79e
SHA512 8862b05f858213a4dc0ac94f5beae4a5bc5141bb685d56b5d7529e76416b46f98bdc4ff94653c89afaf6552274f450e0bb88d7a73c9f493f681569e189c1ca68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab448c56ed18b830c23d6d627c0c8248
SHA1 21a1e0cefd8005dfda61eb4c7119eb5302700c50
SHA256 bd6963869c586e0e241164e3ea2e90208e406235f7c2513ccc6b618f3661ce8e
SHA512 ce13fc081fab8dba18de1d58e4447753c743de6710f40a9476344e5dff45b09cc91687b9cc0a65257cb73e6421f21570a8ba0d39b4f383d2ef4985dccebd2b7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583803.TMP

MD5 8d6e39014efb4b616b0e60824afec931
SHA1 dff43c1101d5480454eac929cb1d76cb80609d27
SHA256 06543a65802edb6e66f5e4c6cb5ef02ed00fbce2ed03eab86649bdc38b5660f7
SHA512 e1ee8a9e3de29759ad749f078b7d601121319e0cad0b48695f697d845a5f766f49e7d6d7dae29f6713ac65b6aa4f1b0835279fa30d7547e83013b7595ba1ae79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b721d6971296900a35743f299afc11b
SHA1 a6895c3ff8848b9772560044383a4ab60eca1be9
SHA256 b57f54b4bd945935905033122703939b033a08f8d839d66496c6db521e4dcc11
SHA512 4632c248f4a6bd0cb80cc5e718ac81834910cb8e4ee7e2a226fc66ff9032a05a5629bccfcb83f9256a99c4945c0d6fb7bab943fe4ad359bb468349c26698230b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 77755216f9e4aeefaaa91a5220de4309
SHA1 c97c945b52dd732d19d3776f635fe68c7e528fa2
SHA256 a6ba185b20142c6a23c661ab513c87b602320ddfe2da30d060dbf4d35eadadf1
SHA512 ca0ae9cc9f9163e964a3d9a1e45ecb90127b12fa420022ee261e49da5a89a4e1a6fdbda1c25a259849a9a853e27ccabe463370c4b7689812d7c0058079f4df54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584169.TMP

MD5 3ac8a74dc8ab90a3c1e2e03d11b5cde4
SHA1 f4e5c5a23fff44d467f50de08ec7da40959ab43b
SHA256 d45a7675ea877ed1766821853340d93c7646b9fc53c7b7131cae2c9c5d76d65e
SHA512 fd785b35b7662cdcd802cf119c7fdd32b13b2c1ce140561b81bada13604133005920716ef2a692470bf0483478c85f7e21b5462defe6212a1d20368b2cb1e2f5

memory/7932-627-0x0000000073CF0000-0x00000000744A0000-memory.dmp

memory/7932-637-0x0000000007780000-0x0000000007790000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2accf6b18b54d602070a0b1ef6f0ce67
SHA1 5fc15ab2603db6ae31761aa07cd51ef83025fbf9
SHA256 cbfa7a03ded48d8c3b85b37d07f521516be85e7cdfd3d393b3b4663b8672351c
SHA512 7fe3462cf918b46261816a746316438e0480c7226680eacaea9fe62a6365959eb0ecfd6f4c6736b667337db8fc7cdc923332db7f74303e4f079e2bdc4bb2700a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20ca34e5670816e0b5e07bab92ecb9aa
SHA1 dda59c36ec057e31a07b057b13f833cc3abf00ce
SHA256 957f5ffe01cdd723753d9ac720ba8a75ec04c0014b5adff987e77da9b98e8ed9
SHA512 16d152910096bb8f83c57dcdf186d45762e1ecf50f5d7cfb8367463087967d99d122058bb96d9c4aebe69ae26fef3d67ec294175f0b9b34b92ada60a9093c85b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ec71d02a100446fc170e9b67f64fa8c3
SHA1 d1a49e87f2163f161926fc60a79b8143dade120c
SHA256 3e8ea8ef6a1a9e50e1a6b8a2b7351d1d4a7081f6478508d2021873f0e8f234d3
SHA512 bd4453c53a8ce6a19ce1210c88dc29127a8dc33e67fdf8afad9ff0e95f3a35978f01b8b082a93d4252f4ab3d4738dd71709227f50f2a430d68bc09d9d8ff9c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 af3b55aebdebbf1be7a60d6f2d912246
SHA1 cd6050ffc72f2054e633f5f8bc81d7426dd1c754
SHA256 efd0f8d534b32596aecbcc46e8ac71fa6a1ce292bb6f7aedd00edc23455e8c4d
SHA512 655c04edddf5121eadd9880abdbb7653a4ac71726c896717a62cb4b0c9089bfada24ce6849cf3f69829bdd221285cbee02f69912951d033b7ec57f088a4c58ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5864df.TMP

MD5 477cd72a9b5f643e2b23f40de0e6637f
SHA1 d04da5e5b9c44bdb1dc53e425d1e1419a697dfd8
SHA256 be7c0e42548dad02534145be242c8bfdffbe6ef251f93575c1528d633725e81f
SHA512 96778edcbcb92d2322f9e0f5d266819e85878d6a8e929b14af992cf755cf925c8856aacf738574bfa5c0ea83ba30f99d3e0e810e148cdd33afcc99dfe8cb427b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a0261b0391102c5a4e1e5bc2ee8565a
SHA1 c71dbb3740cd9503a90e0bc01f3811db372d3ec1
SHA256 cb8ab16794d8b3608e269e95082f216fe8e9e718039f622c40e24b1f7fce0ff7
SHA512 9197f93b3501b656625f1aad4f9390482dea1d0f2999e2031262257bb3e01ee7d003e6f326b542b4041a8cc2f7ce053af7eba8b17801e1cee4c4f8beb947af56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b4695c326b3e276562a4ae26192e6c9
SHA1 e25fafbdca5b5681f150db6093df5c4970d57143
SHA256 9a30003a81c2c5d2c5990ec27add2cd79f8fc5509062acc66d2f92478c8ed39a
SHA512 30d760c9c84ee95a8098f3f87b99a8998b3e4e4abdca9bb91f4e38b838e98e493a6fa1faf712ca0025605cb01caff3f4e9b8fe1c51336c48487e4822d8e98867

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8d561ab4f0a8688c45d42e6017707a6
SHA1 04b4ffec6d798775f1e72e0b890e6f8fbaca4755
SHA256 09ff8cf40655cdc37a50cc11615c4d0e83a17c6af39746c8dd687f67313a1b08
SHA512 51ffb43db8dc047f1e0b85c95a05cdc0f2d529ff181c855ea380a1dc9736c04bb20b88c0f6a9b5d74031143c4ad8f46a0e44229bb7d356b08ea9c36646470d02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 20a2f0dd023c3b9468849724f52599c4
SHA1 cca40185f7352f21a8eb8a1d127f7e5306e1b172
SHA256 6612324e8b82f5da62461a5f176cc5d91f4487ea2d9eef3ea6f6c5c247601db7
SHA512 a226f77254f6ac54322da2f40e00f9f1949ecb59e622d474fada616cf314ec61c3b40573ded923bace9572a4bbe4c742c0a5772bdface6f7a37c5704b4827793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b292.TMP

MD5 a1e4a1ee07dad85a5004321fd4658335
SHA1 2f04284fb2ff5168b41ad44e8b28e23b9b4b01f8
SHA256 16ef020d4e7d85dbdc4c9edb8217ca002831044a7349b0b34aa2225325194e0f
SHA512 3829874d8855b4332abe298ecbdb8e5d7f8ca14c5de01d0abd643d8c6e52557224b19ae93d4949a8d4fbe839472cfb494627b81e4a157e98604d2e3d609871e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b53c6da5-8b86-439a-93b7-4c2c617db915\index-dir\the-real-index

MD5 d557f8befff503e610f6674690185c49
SHA1 aabd69588edf55d1f415ba395c879d2ba867784f
SHA256 7e7b4ef9ca1e8705741af505b4f4bb2376078166d05b633f2a73f288ede4341f
SHA512 9ea734f4b60a2b50cbf558bc21be41c5cc4485c74b4f0af4dfa42dffa20436eb11bd8fefdc65ec403687ec81effd9d01095d9826ce94977fc55a30dc4d744ce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b53c6da5-8b86-439a-93b7-4c2c617db915\index-dir\the-real-index~RFe58b726.TMP

MD5 c991080f5dc9013b1fc4350f26f986a2
SHA1 75d7c9a179b70dc22c4f7fca669c91d27c22cce9
SHA256 c1ce5c8ca1a4c32b59eb78469fa8ed755a163b15010cc8f86346c33ddb95e640
SHA512 ac0936a15bb41b713fbd0b91dbd4f4a4cca6069cc66ba3be64cada1e8594587c0413515bd49210a4a8acc164dd1e8659b9cd196faf14218939ac6c3577a573b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59eefe05-4260-41bc-a381-b5f69177e4b9\index-dir\the-real-index~RFe58c6a6.TMP

MD5 8798194f84d118720cba5df9e7107219
SHA1 d6378c867a3adc6c62b234caf0dc2aeeea7f5647
SHA256 0d691e40872eb6b6ca7186ed100156630f901bb469c6110d350522885be43afe
SHA512 de833f4dc635c1843219634031afdc28a7eae94ebb8780c71e14cb00a192ec74620f54fb1cc3457ddd5b837b236475fd3f8d3847fade0af21e4f2b2f518279f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59eefe05-4260-41bc-a381-b5f69177e4b9\index-dir\the-real-index

MD5 9113081271fb1bd44481f85f60b674b9
SHA1 bcddab5ebaeb191c3d42b71a4d90b70efe10e573
SHA256 cb71e9ff54e2d4177366feb0182ae94ee1ebd7a3f24bf1d8cda5e6f3a5f333b5
SHA512 affab449e392b45a866105599758d0e56d4b42de70ef29ceed51e7dcfaa15d9090d64afb7365f4ff0ee2c2eee514f3197021dd730c83311bafd5771b098cab1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 23eeef76531ce69b58a2fb45de824cff
SHA1 f903db40cb22b49ed1e7e19d20bdf3c16a7265e5
SHA256 b79c05724c1e50ba7c820d3efd4f60b1b132158e522578ebfc4ead339ffbf35d
SHA512 0045c2d6813d410cb391da672eb994af99bfbb8569f097d844457015c5dd29219509d9fd536459d79f8909796add4c9895a26f946e298d4491385a9a9b64c3d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f771958d8873a70350d5a35b4d45a423
SHA1 d9e5274660b830dfba87bb031a41c23e1a3ac182
SHA256 0da07a54de9434bcd8c8afd816c54002dea9a9a5e35719d1e920a09875c7f7e1
SHA512 71f1d36ba7a94079c064c171743b1cdc56a5d03812063fa42c62c4fdf6039c53c81a6095dd66aad0fbd6f235da888594931a4ee027c126b75ddc16cdc9524a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 01387656700ea603c6d38671f6a7b752
SHA1 32290dcfba939fe0d2b5a13905a9428c0e845d7a
SHA256 f7ea34005a7bf7ef7bef7a31a0026f53e520af701687c7d82dcbe5aab8ac190f
SHA512 5a88d0d8f07287df8dd7a7618e0bfd474f56fab24efc1aa75481f50a7da9e1d4023e42c8cf6ff7e6939da401a4dd1e3486399d594cb756a292478c4f4d1abc12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0da5ee6e-071c-42dc-a002-0a613cdfc16e.tmp

MD5 d85f053aca1ef2b4314e8777872c2852
SHA1 c13cc150fa0aa97f9594bc8d307c3f484a2aeb46
SHA256 956c79e44704cb0d8780aa5d8c60c61a350593729d46f1cc4d34d457b45eac83
SHA512 9d558f08fe21160d0c08c0eef5accdac27e4b55a06146cecf1390513d5c53b68f9f9ee554bd35b70d6a19ed59d940d751ff72db325e8c573924dd2e19d88ffa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 195ad04abf7de095c6be48f05221228a
SHA1 9ed02d3575287286a1b57426faa29620c6e75411
SHA256 2a7807e64b36bfd144e8973b534104cdca1f7c38ad369dfdb9306c62ae2e7842
SHA512 53f73fd7c1d118afb6cc6143465ba51f0327c1c6fba4b9ffb0b4b89beb05133434bd923134afd34eca3b477b1188b8c84e07a6d1a09bd58a87c94035e24e9f93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e0fa7789897e9d6cbbe98c8d1d133147
SHA1 f52ecfa07408cfd28d14cf1882dd45e48d29c1ea
SHA256 fc9ba266ca1487bbbacb6f3702d6c80d10a73d738307428f3133db2156d81b28
SHA512 f636d0901f841367eb99e5d50236295dc23f1d0ae4f26fbf0643bad50a014c466cc1991d25594f44cc2ceb9db1371e69cb73bd4f34f7582fbee4b19b6e67e745

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index-dir\the-real-index~RFe593994.TMP

MD5 c409b90bc963d1f6fbb122a14a44155e
SHA1 c126426286c8205d6fae23e5470ba6dd112c71f0
SHA256 743cae59fdf85aea45fd9f8c4040675eb2b35a37f2117d958df45fdc85d7ac44
SHA512 49ca6ee46b09a3fae0534e1e08d3f0ef3928def00cbfe289fde6162657c385eab17bc0cb048d52414b672dc38a7e681a0b78d8cd29b4715a9d36e51f6d383cf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index-dir\the-real-index

MD5 f085fcb8af6fcb0bb984cdd5ee86cc08
SHA1 e7446bf3300240a6f8be271361dff979c13a025d
SHA256 8c112cdf92310aa517e27792a42c31b4b7702a250b68663d8a16dae4d8374de2
SHA512 0fb367f32f25228ee7a605580dbca0ff9d33b615719026d83e6c9632967101ac09e6f9311e20007ebfccfce4758d7c502a7ad74f1c991c1f085142f378080e2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 baefcf82534cb0a5b48694b96093b766
SHA1 afd189fa4bc04c665067461dea2307b4a9148eeb
SHA256 d23e1a8eabb1648e333e8e03cd3abb614eda0eaf0cfd51358460d5e5243eeeff
SHA512 198147a09ac54da3d6d729fa4c9c3e8fc8505a3eee1c66402477695608fe6388a1d22e9d527f120a890035500752b34186d88637116cdb66dfe9a0424ee060ce