Analysis Overview
SHA256
237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3
Threat Level: Known bad
The file NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe was found to be: Known bad.
Malicious Activity Summary
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
Adds Run key to start application
Detected potential entity reuse from brand paypal.
AutoIT Executable
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:49
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:49
Reported
2023-11-11 10:52
Platform
win10v2004-20231020-en
Max time kernel
147s
Max time network
154s
Signatures
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\NEAS.237dd269593914e0571b27022a25a61f4fb3a1af73c66e39711c611f0a7985e3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6900 set thread context of 7536 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7776 set thread context of 7932 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe
| MD5 | e9b6e852e80119eb84b6df92fa0dec83 |
| SHA1 | c418fc61b9a90480f8d2356ed5199e67a5a7828b |
| SHA256 | 3c68fb2a0ddebaf0c3045ea11d88ccac9fe3f1b7c316e6dfe8d142bd4ac3adc9 |
| SHA512 | 22232f8093d459a732a06e502c38dbb9046ba537ab8d994950bcd6d6be2783dc2641324c460bc7d30d0838c9d7cec267bd12a6b9675f4e4efa9ac123041b3f26 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kj7Hz91.exe
| MD5 | e9b6e852e80119eb84b6df92fa0dec83 |
| SHA1 | c418fc61b9a90480f8d2356ed5199e67a5a7828b |
| SHA256 | 3c68fb2a0ddebaf0c3045ea11d88ccac9fe3f1b7c316e6dfe8d142bd4ac3adc9 |
| SHA512 | 22232f8093d459a732a06e502c38dbb9046ba537ab8d994950bcd6d6be2783dc2641324c460bc7d30d0838c9d7cec267bd12a6b9675f4e4efa9ac123041b3f26 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe
| MD5 | 62e50d22351188622c5062e5e09bb633 |
| SHA1 | 544bfc9456f2efd8195d39e7ad1f94eb7150ac85 |
| SHA256 | 685d694359c986249bcb00f253a0bf842872b681a0f8853e0f4a6db53627dfa1 |
| SHA512 | 4508e068249ce953de14f4718c359442b4647fd5ac730a536479002a9afcd24d2c15d13538c2e368040439df8df415f1845ad1d024c1d895b8d4be149ddf5315 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3In550zI.exe
| MD5 | 62e50d22351188622c5062e5e09bb633 |
| SHA1 | 544bfc9456f2efd8195d39e7ad1f94eb7150ac85 |
| SHA256 | 685d694359c986249bcb00f253a0bf842872b681a0f8853e0f4a6db53627dfa1 |
| SHA512 | 4508e068249ce953de14f4718c359442b4647fd5ac730a536479002a9afcd24d2c15d13538c2e368040439df8df415f1845ad1d024c1d895b8d4be149ddf5315 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_728_MPEBFSIJIUFWSIEG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_1128_QAVRFPVZPVTXODAC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_2360_WKWWHNTBFHZBWSVT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_2928_JNWBXWEMNUMBFIKL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f47f476453986cad0741203b5d22330c |
| SHA1 | c4392781f48b93b175c1fb416670a5dfac26bcb2 |
| SHA256 | f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48 |
| SHA512 | aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ded3e5f590601e4bcf227c9d4874920 |
| SHA1 | d339cd839ddac257dc3471264d7285621acefd36 |
| SHA256 | c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618 |
| SHA512 | 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\574382b2-dd48-40eb-97ac-aec41e0f260a.tmp
| MD5 | e7e85caa8dd08dea6fc02edd239007fe |
| SHA1 | 0617eaae7c97f66c47b540c96f45c21e246ddb3d |
| SHA256 | 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d |
| SHA512 | 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d5da19c8ed577319f66d13d875740c7 |
| SHA1 | 297ff5df4255c54db9149595e89dc88e0f27b9d1 |
| SHA256 | d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f |
| SHA512 | 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f47f476453986cad0741203b5d22330c |
| SHA1 | c4392781f48b93b175c1fb416670a5dfac26bcb2 |
| SHA256 | f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48 |
| SHA512 | aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d5da19c8ed577319f66d13d875740c7 |
| SHA1 | 297ff5df4255c54db9149595e89dc88e0f27b9d1 |
| SHA256 | d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f |
| SHA512 | 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_2692_TFTRPRXNCFNWFGEF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4632_WUHCYNWNZMCEMQSE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ae5ddaedd95be66fc696e2b174029a4 |
| SHA1 | a04dbf5300311167e3b2559c07f54d2518133700 |
| SHA256 | 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07 |
| SHA512 | 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b89866d973468b67245416f91b020b5 |
| SHA1 | dbcd996eef6409ef19c6e9662eb35d24e0a2d578 |
| SHA256 | fd64a9bcab0e3ea1ae01a8d0bef0516721c324cca672a5c1dbbc5d5fc3e7df21 |
| SHA512 | 2b1d27b26266b67bfba089551cb89059f087eb9928d3dd67cfa1f9d51aefb09355f5dcf93684cd3d829e9640c1e4b8636b8e33a0fadc79593ab700c1d9908cfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7e85caa8dd08dea6fc02edd239007fe |
| SHA1 | 0617eaae7c97f66c47b540c96f45c21e246ddb3d |
| SHA256 | 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d |
| SHA512 | 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe
| MD5 | 679892e938487fe8fc0e653f8feefe9f |
| SHA1 | 30a77ff687fe961a88d3a29da0c241fc5557b910 |
| SHA256 | 2e15631b38fd951b349a186834f7fa300312504459a067f2656cd69aae1d39c6 |
| SHA512 | daf7c0a1c7a91d0ce957b7eedd23d176f814abf954da0f5f1911dfa3b202d905f7b444f191976e54a9d6a09ba83bdf9131ad7e9cb65f0b185c3b2b12dd5db4e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ae5ddaedd95be66fc696e2b174029a4 |
| SHA1 | a04dbf5300311167e3b2559c07f54d2518133700 |
| SHA256 | 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07 |
| SHA512 | 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4GI3vI7.exe
| MD5 | 679892e938487fe8fc0e653f8feefe9f |
| SHA1 | 30a77ff687fe961a88d3a29da0c241fc5557b910 |
| SHA256 | 2e15631b38fd951b349a186834f7fa300312504459a067f2656cd69aae1d39c6 |
| SHA512 | daf7c0a1c7a91d0ce957b7eedd23d176f814abf954da0f5f1911dfa3b202d905f7b444f191976e54a9d6a09ba83bdf9131ad7e9cb65f0b185c3b2b12dd5db4e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ded3e5f590601e4bcf227c9d4874920 |
| SHA1 | d339cd839ddac257dc3471264d7285621acefd36 |
| SHA256 | c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618 |
| SHA512 | 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b89866d973468b67245416f91b020b5 |
| SHA1 | dbcd996eef6409ef19c6e9662eb35d24e0a2d578 |
| SHA256 | fd64a9bcab0e3ea1ae01a8d0bef0516721c324cca672a5c1dbbc5d5fc3e7df21 |
| SHA512 | 2b1d27b26266b67bfba089551cb89059f087eb9928d3dd67cfa1f9d51aefb09355f5dcf93684cd3d829e9640c1e4b8636b8e33a0fadc79593ab700c1d9908cfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f47f476453986cad0741203b5d22330c |
| SHA1 | c4392781f48b93b175c1fb416670a5dfac26bcb2 |
| SHA256 | f7753f1c7b8338cfe7a35af4d5f31ca5bb398e3e57e8180a1b90f473bc0e8d48 |
| SHA512 | aaf5d8472de9d4fc3a7973945d6e550d3959dffdd632773a1c1b2d13cd97853440950047f1f3d795f4425f20bfdb9d9fe892c76f700122fa8acb830efcec1dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d5da19c8ed577319f66d13d875740c7 |
| SHA1 | 297ff5df4255c54db9149595e89dc88e0f27b9d1 |
| SHA256 | d8f11350b55e3f7847b94cb2809d6da14a5eea1c593a96d31ac3aa880355da2f |
| SHA512 | 44a302b94d6a1ef21b424ac2c79b1e14f32519eaeb2b124ec0cd120959e072df7dd316d2748c0427a12d970786fb88d850185e7951c8e373cbe2a2c0e4dfe2f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7e85caa8dd08dea6fc02edd239007fe |
| SHA1 | 0617eaae7c97f66c47b540c96f45c21e246ddb3d |
| SHA256 | 844465ac828ada8277302768af54866bb28ffa06c9f28530ee9df530a941940d |
| SHA512 | 68ef7325598f0b5db3c5564dd03587a716b9a55fb6a0ccdc94b1648f7da93cc8739ec4e2e80353fed662edf6196a564994acdb5f55eb6557ff2f27f6a1078ffb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ded3e5f590601e4bcf227c9d4874920 |
| SHA1 | d339cd839ddac257dc3471264d7285621acefd36 |
| SHA256 | c1582acc6a6777556c613a3ddc39fa03fa05b99be5ba8a82601d542c520bf618 |
| SHA512 | 9d225215a9d35860740cde61978a5e0cf855a0fab2e0be2597efe2f6de7650c556e9556485c1df4e8171d2bb7e41111929d2185b74f1fd40c6fb2f7c82eb2981 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc0d173deefd4c3a15a5cf80946e4203 |
| SHA1 | a7c4371156d397cd96681823ceaa842083217435 |
| SHA256 | b91c2960c7fd70bb3df3a844ab98555d1228b3d152fef80bf3302f883e8d3379 |
| SHA512 | 69854891f5de3d8337c3378b647e0084aaeb6e639f944c0609bd7c891e245b4d72210749c7bca5fd6cc72179c7dae660d590044e7b21e5a62e1997f7b5607088 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ae5ddaedd95be66fc696e2b174029a4 |
| SHA1 | a04dbf5300311167e3b2559c07f54d2518133700 |
| SHA256 | 04959e5b37ec9e650122aeb2799706cb4c5e01b9c07c724aec4100838174ab07 |
| SHA512 | 82ce2ff1149f0001bf0957754e86bf83f91fa0d15f410894b45d6060c5ccd5b82deacdfb39a5f4661e2be8756d5307d5c12be56cc43c006f3e32c4b04d39f883 |
memory/7536-219-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7536-224-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7536-225-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7536-227-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5sv81BT.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583803.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584169.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5864df.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b292.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b53c6da5-8b86-439a-93b7-4c2c617db915\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\b53c6da5-8b86-439a-93b7-4c2c617db915\index-dir\the-real-index~RFe58b726.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59eefe05-4260-41bc-a381-b5f69177e4b9\index-dir\the-real-index~RFe58c6a6.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59eefe05-4260-41bc-a381-b5f69177e4b9\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0da5ee6e-071c-42dc-a002-0a613cdfc16e.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index-dir\the-real-index~RFe593994.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\72adc8f8-f248-4532-ae2f-e9c62d4a6342\index-dir\the-real-index