Malware Analysis Report

2024-12-08 00:56

Sample ID 231111-nm473see5x
Target NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe
SHA256 8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

Detect Mystic stealer payload

Mystic

RedLine payload

RedLine

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 11:31

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 11:31

Reported

2023-11-11 11:43

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hh0Tx22.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4252 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hh0Tx22.exe
PID 2668 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hh0Tx22.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe
PID 4176 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 860 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 2504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3920 wrote to memory of 4648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2396 wrote to memory of 4328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2872 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4176 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 860 wrote to memory of 5212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hh0Tx22.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hh0Tx22.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MK47vD8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffccc546f8,0x7fffccc54708,0x7fffccc54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2oN1872.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2oN1872.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3SG26yW.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3SG26yW.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 8172 -ip 8172

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network

Files

SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_404_YMSHXQVTGOHZOMXQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_412_GLAIEPDZYSAYGUWV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2872_SZOJACAXCMFCQAVD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2396_QVFPPVCEYQALJFNQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_2584_TCBYDOORHLIDALBR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_860_ZCVMAUZTADJRLCPX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_3920_TRIIDNTHMIBZECTA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb9f7dfcc5d121c802827a482f2d4975
SHA1 795cbe677e4bc60cdf046ef5900a8204131ef2ad
SHA256 47262ab13f2ba7eb86820fd3d723fbdef5be649fa26d653111c35a99ce98dcdc
SHA512 1289750872dd0a82cf2744b4bf887b44c9b379cc7ce6e972b3097e78746ac777d24235e64622f0ff32a1367d1283e54e35c3b8e8854e751eabf9015aad41b7e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2oN1872.exe

MD5 09e40554209c2a7ba5cc82a0686c89ab
SHA1 557f76ed539436949b9b5e6e9c654cbd40de36a4
SHA256 4aeb7fe08b8623012222c93b63532e4779ec599a08fdb56037c3aec262e95e83
SHA512 dce232551ead1af3a0c5ef418af3ff405ce649d2979ddb02a2410a9b8527a0ffd7eccf51e0c89317cff46835e84df4c0f0a97c9f7ab11806f9c6d458677d4566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff247054ed92780a0b4bc39e94e8ef5e
SHA1 b93f6a9e7be9a1561738538ceec5b1d1e71da63a
SHA256 0a76721b95081e4ef9bc17fedaddca99068a4acbaedcd2168b13e7591a5dd6a9
SHA512 ace23e9df27d0d74bbadb4523dea742b7d9202e606116eb73e320726e33e20930f41d3f6b7528311ebc372859fdc6464d7cef0c0ae18b6c2085e69268e5a3a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9f122579-76bc-4953-859e-cb4404761db9.tmp

MD5 89f4096e10e672a92c39cdbd8634cc69
SHA1 1a4041356f289ddf1df4535685bd2c4ced0db2b5
SHA256 83115c3a3f9e185a58f246bed1c6ac4ffb66a15d25d5d0e92c2f41fc18c9d634
SHA512 507dccab28fe4dcf02859f082c7ea18bf6245b7c63e97b17033137c1107bf13b238081d08fe026dbff90b756fbb1d0d04398b1495f5e91d6171e80deefc12957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff247054ed92780a0b4bc39e94e8ef5e
SHA1 b93f6a9e7be9a1561738538ceec5b1d1e71da63a
SHA256 0a76721b95081e4ef9bc17fedaddca99068a4acbaedcd2168b13e7591a5dd6a9
SHA512 ace23e9df27d0d74bbadb4523dea742b7d9202e606116eb73e320726e33e20930f41d3f6b7528311ebc372859fdc6464d7cef0c0ae18b6c2085e69268e5a3a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8b9b5853-0239-4d07-bceb-a62e6255863c.tmp

MD5 43d81b293bf018ff19f13eef581cda10
SHA1 209479a6be060e84d1547b7fb473bdceb7b3babe
SHA256 a8b6f66e628a7f809c3226bd58e5e86922ccda1e30b99c05c5a42869e9b0c44e
SHA512 a8e6b3dc67baa8d4cd3690fdafd2eb951977bcd1ad590df9c4c12158ad51b84d84f51f2f696a53b7ad0cfe9267abe12601f0253610b196ef7acd28dc3f61f347

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3104c37f3780368425cbef664c07d5b5
SHA1 932c46947ca87647a3478a68722bea6e10119c8d
SHA256 83e1ad8e17dabd0a2ea05930c28c0582cba58cee58ee3c4ee3fa205635daff50
SHA512 aa54e09e306accd50b074fa54cd6815bae28c986f582300dc8cce87773f71552a7f2f53b32211c179e20dc0a115404d826303eec661d6df83d9875fe6940a9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3104c37f3780368425cbef664c07d5b5
SHA1 932c46947ca87647a3478a68722bea6e10119c8d
SHA256 83e1ad8e17dabd0a2ea05930c28c0582cba58cee58ee3c4ee3fa205635daff50
SHA512 aa54e09e306accd50b074fa54cd6815bae28c986f582300dc8cce87773f71552a7f2f53b32211c179e20dc0a115404d826303eec661d6df83d9875fe6940a9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab8b048913cea12dfe83a6150862fde3
SHA1 5786fe8f6e4c3caf4e57691d7abcbdd1dd81f898
SHA256 de3bf084ec9db9b58c706198e2a3fd0701c4511907e7da6cdd2b7778ab6e7dc6
SHA512 2c0affb83758552f88f32d0f3c74f8a149eab005851f9342c6cd8e6917d98e8d1f6b98aca8963ef93dfdbe7685782cf7d489fde2d5af4890d03f5e280247a28a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab8b048913cea12dfe83a6150862fde3
SHA1 5786fe8f6e4c3caf4e57691d7abcbdd1dd81f898
SHA256 de3bf084ec9db9b58c706198e2a3fd0701c4511907e7da6cdd2b7778ab6e7dc6
SHA512 2c0affb83758552f88f32d0f3c74f8a149eab005851f9342c6cd8e6917d98e8d1f6b98aca8963ef93dfdbe7685782cf7d489fde2d5af4890d03f5e280247a28a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb9f7dfcc5d121c802827a482f2d4975
SHA1 795cbe677e4bc60cdf046ef5900a8204131ef2ad
SHA256 47262ab13f2ba7eb86820fd3d723fbdef5be649fa26d653111c35a99ce98dcdc
SHA512 1289750872dd0a82cf2744b4bf887b44c9b379cc7ce6e972b3097e78746ac777d24235e64622f0ff32a1367d1283e54e35c3b8e8854e751eabf9015aad41b7e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 43d81b293bf018ff19f13eef581cda10
SHA1 209479a6be060e84d1547b7fb473bdceb7b3babe
SHA256 a8b6f66e628a7f809c3226bd58e5e86922ccda1e30b99c05c5a42869e9b0c44e
SHA512 a8e6b3dc67baa8d4cd3690fdafd2eb951977bcd1ad590df9c4c12158ad51b84d84f51f2f696a53b7ad0cfe9267abe12601f0253610b196ef7acd28dc3f61f347

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2oN1872.exe

MD5 09e40554209c2a7ba5cc82a0686c89ab
SHA1 557f76ed539436949b9b5e6e9c654cbd40de36a4
SHA256 4aeb7fe08b8623012222c93b63532e4779ec599a08fdb56037c3aec262e95e83
SHA512 dce232551ead1af3a0c5ef418af3ff405ce649d2979ddb02a2410a9b8527a0ffd7eccf51e0c89317cff46835e84df4c0f0a97c9f7ab11806f9c6d458677d4566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89f4096e10e672a92c39cdbd8634cc69
SHA1 1a4041356f289ddf1df4535685bd2c4ced0db2b5
SHA256 83115c3a3f9e185a58f246bed1c6ac4ffb66a15d25d5d0e92c2f41fc18c9d634
SHA512 507dccab28fe4dcf02859f082c7ea18bf6245b7c63e97b17033137c1107bf13b238081d08fe026dbff90b756fbb1d0d04398b1495f5e91d6171e80deefc12957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c1abdf747eca34cf584855c1080e07f2
SHA1 56ac95d9159ee623067d64b83082eede3427f9b6
SHA256 29a823241a332a9aa6a6acc20eee715291475311d730d33ea51b145c21864485
SHA512 6b5bdc582a3d6fe0dfaf7538f39c39e0654f5717bf02f130e5c488151b6ee3dfb4970cb02d42b4d29006563251babc59454175849923f3e0fe66a6c579364036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c1abdf747eca34cf584855c1080e07f2
SHA1 56ac95d9159ee623067d64b83082eede3427f9b6
SHA256 29a823241a332a9aa6a6acc20eee715291475311d730d33ea51b145c21864485
SHA512 6b5bdc582a3d6fe0dfaf7538f39c39e0654f5717bf02f130e5c488151b6ee3dfb4970cb02d42b4d29006563251babc59454175849923f3e0fe66a6c579364036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 43d81b293bf018ff19f13eef581cda10
SHA1 209479a6be060e84d1547b7fb473bdceb7b3babe
SHA256 a8b6f66e628a7f809c3226bd58e5e86922ccda1e30b99c05c5a42869e9b0c44e
SHA512 a8e6b3dc67baa8d4cd3690fdafd2eb951977bcd1ad590df9c4c12158ad51b84d84f51f2f696a53b7ad0cfe9267abe12601f0253610b196ef7acd28dc3f61f347

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89f4096e10e672a92c39cdbd8634cc69
SHA1 1a4041356f289ddf1df4535685bd2c4ced0db2b5
SHA256 83115c3a3f9e185a58f246bed1c6ac4ffb66a15d25d5d0e92c2f41fc18c9d634
SHA512 507dccab28fe4dcf02859f082c7ea18bf6245b7c63e97b17033137c1107bf13b238081d08fe026dbff90b756fbb1d0d04398b1495f5e91d6171e80deefc12957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb9f7dfcc5d121c802827a482f2d4975
SHA1 795cbe677e4bc60cdf046ef5900a8204131ef2ad
SHA256 47262ab13f2ba7eb86820fd3d723fbdef5be649fa26d653111c35a99ce98dcdc
SHA512 1289750872dd0a82cf2744b4bf887b44c9b379cc7ce6e972b3097e78746ac777d24235e64622f0ff32a1367d1283e54e35c3b8e8854e751eabf9015aad41b7e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab8b048913cea12dfe83a6150862fde3
SHA1 5786fe8f6e4c3caf4e57691d7abcbdd1dd81f898
SHA256 de3bf084ec9db9b58c706198e2a3fd0701c4511907e7da6cdd2b7778ab6e7dc6
SHA512 2c0affb83758552f88f32d0f3c74f8a149eab005851f9342c6cd8e6917d98e8d1f6b98aca8963ef93dfdbe7685782cf7d489fde2d5af4890d03f5e280247a28a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3104c37f3780368425cbef664c07d5b5
SHA1 932c46947ca87647a3478a68722bea6e10119c8d
SHA256 83e1ad8e17dabd0a2ea05930c28c0582cba58cee58ee3c4ee3fa205635daff50
SHA512 aa54e09e306accd50b074fa54cd6815bae28c986f582300dc8cce87773f71552a7f2f53b32211c179e20dc0a115404d826303eec661d6df83d9875fe6940a9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff247054ed92780a0b4bc39e94e8ef5e
SHA1 b93f6a9e7be9a1561738538ceec5b1d1e71da63a
SHA256 0a76721b95081e4ef9bc17fedaddca99068a4acbaedcd2168b13e7591a5dd6a9
SHA512 ace23e9df27d0d74bbadb4523dea742b7d9202e606116eb73e320726e33e20930f41d3f6b7528311ebc372859fdc6464d7cef0c0ae18b6c2085e69268e5a3a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ba638823afb96bed1e3c1d15f8a8bcd
SHA1 e1a998f1f9d1a9b5bf25fbfe191c3789d2be5bd1
SHA256 78158346e5e5f34d85e131f6b8eecab722a8725b4b3e7b6c33b88cda0104520d
SHA512 b123a9fed8228369e02e7d52b51ab502efe3cc33e53c3a52dbf556b49b388d9dbed9fea6e3892d10b5b73592136b8e12d260fca1d416de6eb416666cf7e18146

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e700208635d6d4fe5b82acedc32ec20
SHA1 f9c8beee245a0195a6256ae9fb0d7db82fd858a4
SHA256 90d4fb3a77b2c3d86f6be399e25a3ae4832a83847d3566ac6315d5e891d77930
SHA512 0bbdbe6253456e8833b105897c7dabeee28d4c93389a8302db9bfdb8aefc270210118b3b27b6b7254f02437ac251bc0dc249d8d1e1887978a66330d3c8f3ae0e

memory/8172-287-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8172-292-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8172-297-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8172-295-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d11261af3ba1f833db63a9f3622de61
SHA1 9b9920986eacf75a2c350be5c0e27458752a585b
SHA256 0ef2b769e1d96caf433b2753a7c2962326f8358b63b873a03daa0a6c9859e727
SHA512 833a48f901b41ebd8170cd3b699d61980c526ee88ca78f8ad7f5c50addec583e7e0a17d27d3cfe16d3c3a5bd984dd8b28466b501a49556d047841872d20a5ebc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1c706d53e85fb5321a8396d197051531
SHA1 0d92aa8524fb1d47e7ee5d614e58a398c06141a4
SHA256 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932
SHA512 d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7164-393-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7164-394-0x0000000074820000-0x0000000074FD0000-memory.dmp

memory/7164-397-0x0000000007880000-0x0000000007E24000-memory.dmp

memory/7164-399-0x0000000007370000-0x0000000007402000-memory.dmp

memory/7164-418-0x0000000007510000-0x0000000007520000-memory.dmp

memory/7164-432-0x0000000007360000-0x000000000736A000-memory.dmp

memory/7164-449-0x0000000008450000-0x0000000008A68000-memory.dmp

memory/7164-450-0x0000000007720000-0x000000000782A000-memory.dmp

memory/7164-455-0x00000000074E0000-0x00000000074F2000-memory.dmp

memory/7164-457-0x0000000007650000-0x000000000768C000-memory.dmp

memory/7164-460-0x0000000007690000-0x00000000076DC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f3a48df04ab23f8e023f20378a4a5a51
SHA1 a00a1b8c76cc39112df3af33e51c9cd2577261a8
SHA256 5e01134b084db471f0628d7f033ec732070396ae17cc92b1c7c8fa0443fd4cda
SHA512 34d150a884c073a797b4dcf133f3b61d6de81f789ec8f635992aad640e157605d566cb2348552c725acde6d9a3ca239d1b80e7e6552176453b2aa343bc9232e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa3e.TMP

MD5 7cea3c24397dca581dcc334752538de6
SHA1 df6f4fa96568c2d19bd6ecaf9c3079f0ba219415
SHA256 b1aa4972d742642f83fe9e5858b107e489ba1ef09715c83c0d3c6c4f2a28c683
SHA512 ae6b332610a12f331c9969b7a779487128ed364f761d5f7e83c502a84b4514d300e5f69f52ff345d3b7625c5d71dcf2e23d19a677c5d321f3feec88d650881b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b3301ebca7c4fa36a137e97b63729a2
SHA1 a6c15e57928904967f2ead579ad8526aa6028dde
SHA256 55e6f3913ea409e8b96876bc4983214561bb3cea27d9be71306270beb346b952
SHA512 b49d83cf1701b5f216b8cb20f490ae9b55a722fc90299c962573f3c45a8bf3649703d73628ce42f6c6f1ae0b79a82bc28132df6cd769448439c9180f6136648a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 fe32166afe33de254177a8b352052def
SHA1 f85ae4c89ec3d864dec066156100e40c88dd2cbf
SHA256 b2424e913b8a71285c273fe98b5ccfa278e5b88c29938683af7e64b7306109c3
SHA512 719b7c5966f3ff7e1c5a9dec34250e59b1ce70551edd28f0a9b821e3913900ff71bede71c7cc44b05e8967c7bb724a12547ed35d0b8ef9192680b121a7c23670

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe581681.TMP

MD5 c6e5d27104f8ecbf75f27ff10f57cba0
SHA1 105b78989a3a3e3e0bbde4e7b43cdaf393cfec10
SHA256 61081af0c667769f40d62c9a97605a0bb16c8d154196957085561d82a44138a7
SHA512 a959f1a45bcfe561a272296c4dc9320e706deaf3c3b78f479bd71ff2626ac6349a69073860f2ff8e5eb6e2abae3fa58bb9b0534f3aae19ff4631e0a13d634799

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8987cc7e803ac44214bb29a7217fa147
SHA1 64e31acd172a0ab153111d513abe8930f85e990e
SHA256 b836dd6caacad0652c92f92f1490ee64715e14edaa8a8d0fe6fed554805a654a
SHA512 1d53e600d79c4fa39f6ce1c1ba51b3f4b78a4ecffbe0d612abdecf50ddbc17e3428ebc110d8f2c2754693ef85f8761d608579d1347465c3238056e5881836f08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ee2c901-530b-45e9-9752-4845eaa5ae60\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a2f58a7c799e5ec3ac084e172a347cbe
SHA1 1f8ba7a2e6e65d685c2bffd34cd1f1b9c58031ca
SHA256 1f8701140b794f84b3baddcbdd05e0696376beee130209b61b75a11b2409ecd4
SHA512 857a91f884895a1ec7f50b96bd9b12c5d8108637ff67240d4f313d7b62d2b2cffd48b072c1ba7af374ea34bdbbc6f3812dfaea98a09ce3732a32c02a8065dac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 3ac57ca5d95cd89499894ad31f2ddf86
SHA1 cc01adb6b170793551da0a8cff74a41c3ff7fba3
SHA256 ecbda100f56b07624d2d898bc70827b54e2ee1b0b8e52bc5b6c502aff6901c16
SHA512 d72055bbef9bcf1cab228157e5da03908d2c930b2c92a9ebe4cef89c8d63f59d8a734e704e33e9d939edffd55e62beb7c77ecfce96eee96b1b20c7b506edaced

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3bea01abbac7210f5baa8eb0ff0b8c01
SHA1 1cd94fd54faa04a57c78eff0748f3f7626784571
SHA256 2814aa323381fc1cdabd0a96b0cfbcd8410eaee3ec37f4868c8eb43a7dedb748
SHA512 3c862c79673bb9d6ea6081bd06d2441e5e605639e98b49489ba82792bc0c13acc28ea372cc0f8ec594f6761f0988427e8e8388c812cff80d0bb592c44db8c04f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a41163b3574658cfd5e04d2d964a007
SHA1 40e1fa394a0c013102b611feb9749a2aa10adce3
SHA256 f4739ebf02d7def0cac2997130ba2619d89fbd890b363b8e41e7fef8b2e5ab9c
SHA512 49cc4c85af52105264ae2d56a9ea61dd89d52623a61621161d459ac26e3bc5e5e80a7a20a69dddb257a8ba7da6e79332733e954c49cf5d858950a835c8beaf9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 46999725a627297c2747e3eea222a862
SHA1 70c3240d3e2a0d90c69717eab160bed2283ac100
SHA256 5bd3993fb805c1f69a7459d8cbdce2f9686799dd72f83c5c2746e51eaa9c93db
SHA512 272943c4ed717425281c2b62119c9751c6d60c0cd4c73da346ce9075cd473adfd5ff064fde92d36fcd0366d0f7f92ad3eccc1e380fad59ec3e5e8a6a2a864e58

memory/7164-1120-0x0000000074820000-0x0000000074FD0000-memory.dmp

memory/7164-1134-0x0000000007510000-0x0000000007520000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d346ef182034a96d80da44d1346f970e
SHA1 74dd7042269d17b2eb43a1e2098caf8e4e91d9b5
SHA256 d452f6d3cc4405eaf25c1c3be1a9326cc0e4ff9f3753e1e0720582963ad0e4a0
SHA512 92c3cef1e0de6e0ab5b528de01f0aacaa213e73ce89f663cf294cd584f496f50dbd626aaa05a5c16aa48c9e77342429301ba8cefed883601f2305c268ed87eb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5c29f899-8397-4401-9010-370375fd2bdc\index-dir\the-real-index

MD5 3622301a9382569efb05966ed3979cb7
SHA1 ed07af18fede2b767313df6380bc3dd81bd668d6
SHA256 e2dc6e7dda3c69a3918b46e2b2694f3f8f10b753aaad94126415ba048e36905d
SHA512 fe021e8b6bd0c54a8f39caeae67e7636cb8e70be86b2d076a23c9e24cd659dabcca78decb5019dee35f8e60c62f2f4f71162f88ad588ef9b99fda320554a4c98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5c29f899-8397-4401-9010-370375fd2bdc\index-dir\the-real-index~RFe5866c4.TMP

MD5 b2320ba84bdd52b5cc88c54722249334
SHA1 17ca8d8372a0c5dc3cf8507480511f70ee586d6d
SHA256 c9d5685f2b7094a816f22480d448578de82a9bdb178f5302ce0afdeea57f6ae8
SHA512 51d4bca58afa1f426d882304a4b3ae3851ff8a0084ccb831d82688c73e0231908158f32dac962c65384e619b59e37d77e14fc3023c1f329f2ba0f99986ffc018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8aa534bc-2ce3-44fc-9e6e-1aa46e230eef.tmp

MD5 e1e4968762c09bfd4a17c4b0ef1e47d2
SHA1 0bfc1487e75211ab5c19f0d417cd6992d32cb7da
SHA256 0b3c53a34710d36ced89a9bf93f000db9b8a70c53bfc2ba5c6b5c809122712cd
SHA512 a87f5f8001b5aa8626c8d85eefba35a159b875761859008e222e418e0043b9cfc571491433658003c02232a6ec7540b1d45bb5866753ee05dbf10f0b0fda4f59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c44ebe9bf87612c4ddb1c2e87604f552
SHA1 48fba8142e21baf57de2c5315ca47a37115d1e8d
SHA256 5b3933a0fb2611f582c3489a0045429232624c5907d2260d0144efb6dd15e402
SHA512 5610c30bfcdd74d10708f2e2d482b17fe2c2cf36b2c47e91017cf23a9cb8d5c51c63a21e1b56f0a239f7c582552daf139d10ee3f1e0d044f31839cde51933930

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fc4600a929f363968363402b3b7284ac
SHA1 2a7d13806edb30909e1a0aa637aa1e4b51ac877f
SHA256 6a16f77e4a90aa33e7814f67d4aecf6542f7100f4747e0dd81c96253db2efb61
SHA512 2696fe1294f5a30d3aca5da1c16b33a47f28c23c86c1557a130a53d4239c222e3f4e9fd31a600af4f46ba24431bff1ee87b37774d9a8fe2e0fdb09a604245bf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58848d.TMP

MD5 97064b711951b4b264408677aad4e4c5
SHA1 51d768e0c1ef28c7810b8f52162bde09a48eff07
SHA256 0d5a6f99917cce378bee9f44f91eee3225315721a96275850d3b203911593861
SHA512 0823f0c89ae7aa4eedc1ee6888b15c5306a12a8948af26b2d516a7117aa3eea32387c882065bd81ffac06bc7cd10557e715def0e639bd5932c89b011f22f19ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf60489474a670d357b70169c4a7b6d2
SHA1 a9783301c5320505bf66113623a0c512b9effa6b
SHA256 4f5983ffec62771933a6e1720dde4d26b99b6c7b73f0b1402e95b5e76166d28a
SHA512 b974ed4f9b2f0e7f45acb5f48973fe9ab64c8bbd6d2de8d93beee60b0db0e2817ddf11d46088331180f975a51b8fecdc8ca44048cad4ce2dc40f162614cf95ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de04acf4-b6b8-413f-96d7-6f30f6397d10\index-dir\the-real-index

MD5 f39b12c90503256cb5eaf112bdb443b6
SHA1 e92ed754c8fa1d1b2d48c6165db75df55f4b3709
SHA256 3f2722717815b2e9036abe5e3fc4c9c909c0c1c6f075dec25be7f428986a188d
SHA512 834b88f0cb1b4a0fa0c1062ec6e65fc177f713e710512b9e2c68546e493919b0b9ef5f0ced753571c97848c574e0401f3dbcfcc8ba18b384c3318f6abcf5dbdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de04acf4-b6b8-413f-96d7-6f30f6397d10\index-dir\the-real-index~RFe589b80.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a3961a47-967a-4e1f-acb6-a9d9e58481ef\index-dir\the-real-index~RFe5946c3.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a3961a47-967a-4e1f-acb6-a9d9e58481ef\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
