Malware Analysis Report

2024-11-13 19:11

Sample ID 231111-x2mq1sbh86
Target f96c6789f0de47ce25aa17ecd20a369a.exe
SHA256 f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c
Tags mystic redline taiga paypal infostealer persistence phishing spyware stealer
Score 10/10

Analysis Overview

Score 10/10

SHA256 f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c

Threat Level: Known bad

The file f96c6789f0de47ce25aa17ecd20a369a.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine payload

RedLine

Mystic

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Program crash

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2023-11-11 19:21

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2023-11-11 19:21
Reported 2023-11-11 19:23
Platform win10v2004-20231025-en
Max time kernel 149s
Max time network 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f96c6789f0de47ce25aa17ecd20a369a.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\f96c6789f0de47ce25aa17ecd20a369a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3640 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\f96c6789f0de47ce25aa17ecd20a369a.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
PID 3748 wrote to memory of 336 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
PID 336 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
PID 4544 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2052 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4636 wrote to memory of 2552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 4252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3028 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5064 wrote to memory of 2676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 3876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4620 wrote to memory of 3060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2052 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f96c6789f0de47ce25aa17ecd20a369a.exe

"C:\Users\Admin\AppData\Local\Temp\f96c6789f0de47ce25aa17ecd20a369a.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9276643001609281393,12996015053054660149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9276643001609281393,12996015053054660149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8467130440875297043,14564756114637146631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8467130440875297043,14564756114637146631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,8416160200324879881,4140414734981676162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11211929195798821627,8928816137387522305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,14863209304773739274,1828205384582254169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa899246f8,0x7ffa89924708,0x7ffa89924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5028 -ip 5028

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18318547905000952022,7409898639077283673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2052_OCDKKUSHYQSTRNYU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4636_CGXNORIZWCGZCWSQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2080_RKPBRKPOTEHXHKVB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b945360891e4864b0ffb62c9a5c5c972
SHA1 5ed0c2597e234558c4f1278e7e0354a3aa77865f
SHA256 36795db1146f0e7f1abeb359fb20969b391f7f9b81eb2761e69b16ee6f6e7bca
SHA512 9705a7431d26751aaf4259e6d2526176e6d208fc362b66b98950d25d72ea9be9e12984c8be964eed372811f07a816c583789f0768f1130d63e1b191bd1050072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83c94036cc475c5a4ed5f45fc19e91eb
SHA1 f4d86861255225ed4aa4f5313892f7aabe9f5067
SHA256 132b03a76d921daf93c50e2efc3a1d7616aa34f96cf2b849524594e48f8c65d9
SHA512 50f11073cf85507744ee791e4ce67868299e5a3dd6b9f9a34aec4018a99fe6aee173c8ac2d905232068e5733700c5fe942192ec06ca7ee8c00fc2dfb412f1ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\138a8f1e-2fd2-441f-8e71-834b7fcb5a2c.tmp

MD5 c030b6d48a665b19f546cbd7663e4614
SHA1 d5d2b6394cc4510fc7be700e292279d1a4adfa47
SHA256 73ee8c5b08a90558c7c4c0e6f3d0181f99ead0bbd0fe7a5fa997a5a67e41e865
SHA512 d5ee99da83f3d845f5966e32eba6dd716cefb2e22dda592b928c83b12cf7f6e746a35163607160de21a290fa77d3e1856ed08d0e9031a04e12a983468a5e5a9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6237936e66b22a6fbcecdc0255b163fc
SHA1 15aefd370c88c266b670472db0f68236d33f3ac6
SHA256 5afb0559a9165a762183c497aa28accc6341f23bf349fa35ed66b1f3353ab151
SHA512 50933cfb2a841fd8b94318358bf2791c14d7e8fa456e191dbdfe6ecb1dc04dad9df3e77e767b52ac889546ccad1edf6e5bf9402d42dc85b16d5f0d8f05d78bba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c8c4101c4d1d13e22e2b260c7ea313f3
SHA1 b212274aa7b3ed220eda918622be13823b8225da
SHA256 d7735216428f143fb76c061a8661640a7d0374fda3456240e5bfaf19563f83e2
SHA512 b9f058635475dfec8845e4d7e3f0b6026925cddd1a7d886a77088b2c3601c56c69dd9b7ea5d68d239ec191477f128c33c869b0cd8cb048192379b788c285b6de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c030b6d48a665b19f546cbd7663e4614
SHA1 d5d2b6394cc4510fc7be700e292279d1a4adfa47
SHA256 73ee8c5b08a90558c7c4c0e6f3d0181f99ead0bbd0fe7a5fa997a5a67e41e865
SHA512 d5ee99da83f3d845f5966e32eba6dd716cefb2e22dda592b928c83b12cf7f6e746a35163607160de21a290fa77d3e1856ed08d0e9031a04e12a983468a5e5a9c

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

MD5 26a58cbe0a44ec2f6ccd714c8cb30f0b
SHA1 9b1c5d796f7a943f8e36128cefadd8c8e54a6631
SHA256 6554ce03263623ded065dd2349551be0bf816199bc91553c5f8c594b55ae0b14
SHA512 439a75c04ecd38d7164e6364eb582f672c347c2313831fde8f69898ba68b4766e62c6162db9459b7dda6d351395cdfe83f330951b303e9d1893149f879114905

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f98cdc7156c35ae9551eb544270e4e97
SHA1 d5764e55333d9d3bca29986dc38af8d5718a40c7
SHA256 eaf5bfc6658f7df26d821f6ae7564f125ba6a4e7cdd4a62de694eb36cdbdfddd
SHA512 08277cc63707dc2a98a299030f5bcde7beda4c9cb44504e9781ae82b55abced3acf4aeb1a6dcbedd4df230acc1cefa57f625686cc99bf5c7c10abf82135f13cf

memory/5028-217-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5028-225-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5028-226-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5028-233-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/4084-248-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

MD5 e5ee7dbfec6433859f0f737b2e2056e6
SHA1 6bfda79b666acf86014f9af8a9bbd9de9b126b1c
SHA256 e81216b5f783b3373dec0a91aa95afc427f7e77c1365e222064b1392abfda80b
SHA512 c8326c1f3732cc3babc649d84684e52d5ce998eb28d618db98de84a64af945ef0e96d47be95305ad9fd606e8336cc26b277b14f295ffa05501b56ab53c8a038b

memory/4084-252-0x0000000074520000-0x0000000074CD0000-memory.dmp

memory/4084-253-0x00000000080D0000-0x0000000008674000-memory.dmp

memory/4084-254-0x0000000007BE0000-0x0000000007C72000-memory.dmp

memory/4084-255-0x0000000007CF0000-0x0000000007D00000-memory.dmp

memory/4084-256-0x0000000007CE0000-0x0000000007CEA000-memory.dmp

memory/4084-257-0x0000000008CA0000-0x00000000092B8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 564c6a1c07a5e01714ee372b2f1b32d6
SHA1 214563b485b4158c62a1edfba7d25b3dca059fe2
SHA256 bc50517f95eee76a239bcb064161eb4ac4624ead33460ca362344b46e73972c4
SHA512 7c8c839ba63e889b8571fe8e23a64b1a721ffc647cbd45e3bed7a6d3689ef0be789cbf8e652f12f8f8bff2d3144479d7ff95d0884a6d4b0e1893b8b2d357d491

memory/4084-264-0x0000000007F90000-0x000000000809A000-memory.dmp

memory/4084-265-0x0000000007EC0000-0x0000000007ED2000-memory.dmp

memory/4084-266-0x0000000007F20000-0x0000000007F5C000-memory.dmp

memory/4084-267-0x0000000008680000-0x00000000086CC000-memory.dmp

memory/5680-268-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5680-269-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5680-270-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5680-272-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98fd8babbd0d296b8d3e23ccb644a812
SHA1 48e73dc43e135320d7cc720b465b296730e4d72d
SHA256 e25d082c80003a7e11e5828721a20e2d925c87b4d445b7f641f4b1dcb7d1b39a
SHA512 8cb63956a5f09ac573a5b577ececac8bef8d6e83992419ddea882efc5e01ec6f42203c59a7acab654aacae013a8bed4618392ad545f709d51e8e903a17c77cbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 025fc9bd649e1159814e1575fb5bbd61
SHA1 db4fb010251610ef301277067cf7398a87616f4d
SHA256 1a4590138789dc37b404aeb4cf097c69fc33e9b63d6e6d4d534c914da8c832d9
SHA512 b32ca656ae300265ab9faca3f76ce2e2b381d5ebf8c5f6b27fe7fbbd9613c1b7f30d6630a33f064983fc42a5fca0b5cb465653968cc275b6647d4fddf679c819

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 262ea30b1c66c420844488d2a1716ac5
SHA1 241ffa3d4cc1254cdb82dace6dcc58f9820fc1b6
SHA256 d00d90283e713db7f084f64f205bd8631c675c34dee8158f85b3a8fe64e7fda4
SHA512 3331e325a531f71771270456cd672d32e27743ca05ce887119e1f15f6a85151cf1bcd7f5630a606f5f86edf167879b17f2766744b09c8dac039ed2810a94e308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b75.TMP

MD5 e4f2de30e2390da3a7c70d3d145f9116
SHA1 a54a77e6ffdb2bc32d0504de47288ae0164b5d55
SHA256 873aa7a7339e7acc515c3c51afabe48ffe592069d1d436ce1dcd56aded409a4d
SHA512 b140d26b8ea7b953aa5309c9ba1172eccc6d1aa9eaa429ac772ca04cdeed69acd8a2b494ee1f0af2bdfe4270d4d3c8bb7633f054d0b7d5eca3fbe4fdee91ff69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8bf4d02d5f39d3769e2d50bc87ea7746
SHA1 fb43f2586e8747faace4b6c5c9768494f985a623
SHA256 7d944a01f5a3861f63a4a29befbc959b1d5b8ff9a222e4e9ec082ba299dc5047
SHA512 15720d48b6b56f03cb2c91451a64bcff78101c5082cb669ac7b45b7726993567d730e140fca3b57ecd8f1000bfd3470508dcdedb1162efeeb0ca0fc9bbf4b695

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/4084-651-0x0000000074520000-0x0000000074CD0000-memory.dmp

memory/4084-676-0x0000000007CF0000-0x0000000007D00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7125b5bea9d7a93a3e0e06647d278734
SHA1 cf8edde9a5df2d3ddd8a20b12382f77bb2e2e9b5
SHA256 5ea0ec3c4756367ef353636cd62a200cac58baaed5710224e1fc8a49275f11eb
SHA512 05efe9e54ac029391372247ddc714e38fb0d132f3b244584647bb5a85eb8ce2ffb477631bf2cf6a2d866249b7b461432326b682201f277e16030613f17ed9dbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5842ff.TMP

MD5 a640e29f2c2b0e14ddf8284ffd4792f2
SHA1 0bbcdcd195c8679df68b1e4dd4d15abcf2c47741
SHA256 d48b3ccbd6428889c6ec842c6b7edffbf29d67ced5e4ea278bda43a0c0f72fd0
SHA512 cf9f288129e7878669d3306374d168214c339d1b777e1e76d041cc8a3c623ce5348a1228835d79b05b994fe98c705a366772a4f6beb2ccf40ef4bcee51e525c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c7ab9a9e3151550f3842cacae6cc897a
SHA1 dd7bb4f7aec43c7d444f301f4d96f52f0a4fa6c2
SHA256 59515a68361283d40c702d75038bfe274ab45f3c5506ed19d4121f598f87ddfc
SHA512 3f73c1f7f8a536e69b52f4dc26f3137c21f4bae2d10afb9aba8d05f6fdf131bdf45af6ab4054f4fc95005318b08b2107575c9bbaa94f11594ac0132de897b608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 bf8362b2d1734e10a4a92d2fad591d9d
SHA1 14421053a198bef29b590c8c2d10608379950476
SHA256 f8a21a0547f6c28fdc6597bd831269954f45ba2189e2527f0ad04b19babc0347
SHA512 687b28c02995dace86a50c77bae815674d1fd198a0cfff065bdb23ebddb04610ffe26a82eeda7fdbed534d32fc104750cfd32cb0b14d7cf9529ada51260f89c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe584735.TMP

MD5 7afe9681fdbbc02255b4282674d90a24
SHA1 5724ba0c33e9d00810187da6704542c1e09bddb9
SHA256 8dc5c1c9b32ac49f43a07b3ab060bce6f34c056c1f1f151b86edbb9a71ec274a
SHA512 e577d1e3a11f5c7c1b85804312eb03512aae513f05bec5a7bb67ce4c77a52f399001d7240bebed05d24212daa9ef6b95aaf6e2bc275f8fa8cbd8a75f0a88d545

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d6f941e0-a7b2-445b-8d47-270dcabc9ec4\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 228ed911ecfeeafbac047ebe92bd1d47
SHA1 01fd65a2f63f9571a9e0c35fed8d6aa7266b18c9
SHA256 858d75af20176cc3eaf209b061b09cfba5751883c0c9a8b9667333d206f9e0a3
SHA512 92ab9a043ae6fb9d18e9ef804c5add3e41c2d426ed7ef6399540d231798dd3cadf9388349b2a0af9d9db106fa5ed9bb6cb06df30ec6b5402dc2c2df59d00df24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed509b4406a2a574cab84bca60e0538c
SHA1 edb5757d45eb2086e4b309265f867e48c23dbc5c
SHA256 fcd8e9a584daf94d4e0cc60d8202032affb8688238778ddcbbeeef90f0add6fb
SHA512 9c22b62b47bd89e96682430fcc6f0ce308dcdc32e604233947df59a93f075bcb74b399974ac65a87d81d956fb814c62013a008495c62d74eb571bdad2ac4d101

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fd1e10861f153b58835ed647b19e0b3
SHA1 818b0b77008b0ad2a454c4d3a41f4047fd90ce9c
SHA256 1c9c1f6f9388be47ac0d66a7ff4b5a73bfa417a1271f809dfafab54b3fceaf11
SHA512 0804190ed4c4f3e2559948a5407c560cdbdb9a151b263f5d0d4007934464ed555fd55ad0ad6fbad34b92367170dcf775c4225e851ff6efdf5de6fc6cdda2c0b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 24bbdb7a94d571968596abcddde0d05d
SHA1 2a6aec7600f3f7dd1305001e5238b77a6123ce3a
SHA256 4d02c653c46b9eb3a389055dfd565cc6b4c6681e4fa8efaa5d6770d30530975e
SHA512 a257bcb191c7fe2efed13f06893e09079ccd7c9da3117b86fe47745419cb7b054674cffeaa4c88ff8457b2e5c50ad31f3ba09d4afc91df63b5e9e9cc78d1a366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38082714469295eb3de6845a08b78d75
SHA1 36da1dc8d547005023a3298ff191553a309d6c08
SHA256 806e97afee0ec97d0cc19c0d4b649324222b94c55aa84d7ecfe67060f2e2bb5b
SHA512 8092aa93e9e262aee0017f9d374884eb096a95bff7c0244aa42cdc744e8f6b79b2b71ba0f5918cb9d7d8209b3a2236ab7d4eddba0896088e075c5d7eef953753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d6f941e0-a7b2-445b-8d47-270dcabc9ec4\index-dir\the-real-index~RFe589b8f.TMP

MD5 7f243fff0fe253e8fc5f3c1028cba160
SHA1 a03790829109db6479e80fe2e5eac15849f36299
SHA256 6909d0f84ea29287143d408bd8308357051b6357491c6ed1f02db946558868cc
SHA512 68b104e035a3f1c18050182a2fc54ec89c553e9be58a8fd1b8891b84f31a4c6ec77e1df85b6c1a0fe6b30c4298ff83d184afb3928ef234d22db4ff4bd107cb25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d6f941e0-a7b2-445b-8d47-270dcabc9ec4\index-dir\the-real-index

MD5 8da2dbc47b832192cbdcba95135023dc
SHA1 f07574f5fb747faa5d2471f733243f7b69bba81b
SHA256 6d8fdfa7a19265f7d67d1bdd3f34d0f66c2f4c6da2cbc237c74cb820731661a9
SHA512 9039adef52c0803f96fa32b418223e0b017acb57bc88a2058a51fbad65abcae32e09d6219dd0431b45a7662f1b328eadedb1f4fdd4475bceb18e6d2bb80c207c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1a4f9265da9eae997ccb8a0cce831b23
SHA1 1bf9f9d2a1d445980307964a896ae4adde12bcc3
SHA256 56a235aa8b83d6b83fca38615fc3a40d0471f3f396efe893cab27fca99beb7df
SHA512 8333e5e8424fed494910f890758b6236d17761e0e390b8c11c27df51776748754d9e00fa995fd169d80b32268edf25b65dad5d6a3b25f50cd6787e16ce433957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ab6e.TMP

MD5 acb0ea98a55bc4633037e8bbcde32256
SHA1 c4a528db7e4d33947d4f3fa1f18f8045e1c78b3f
SHA256 75bf746fc66771b83f906ce233e13125f39b96c536e526c698cc239832fec1ad
SHA512 7caa5727507920a033055fcacb6e3969e651622332a872ad0573e39311976b5fb2975c09fd2fb3eb0b5d3e5da790f93d6c57c83d6b245a4a55c21943e18b2060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23a556bf018fdfc17d16e7cc1ad0f3dc
SHA1 f6a68545b6943b537bae64f191f83c9d905dd441
SHA256 ba5e096002b6c3c7c5ed1cd7ab2792346f6665ac98d9ad9c7507224cdaceda0d
SHA512 ea30a30904fea7fcdd0e05a8e49aae5d90a19b4ed2e9319b84ddd2eb57ef09c75d86c3087743161bac17334cd0227c35140d2d14dfd3cd7a0d5d96982ebb3f3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53388f7fd6d0b49058afc28b052b5859
SHA1 39531174de07f446b0aec7214f885a1feba0d76b
SHA256 fd18e917d359ff102acb38d707843efa2dbf771a1bc40203d6e848316cf7c2a7
SHA512 7a1af172566c968d4a7e53b05ccb9597f0eb8e010b0f5514eaa644de3bf710fc6628c4d6a1814611bca087530686092067a53c59f4e65beb8e084606794532d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb43ede-19c4-4bde-860c-78fa7cb0464f\index-dir\the-real-index~RFe58cfbf.TMP

MD5 cb7c1fe6d1a40f74555d34f85ca09cdc
SHA1 0c15f8cd981e77a9719c80bfc90032765a1c4c6b
SHA256 eb28dbb590ec5d4333fe7c368d1d65c7c44ca7f89e2d6bd3ef9d62874ed195d0
SHA512 cf39a6ba87d8f8e81f671cf025d56f687b5e5dc30e7019c948a13fa079521072aa07c5aa3fed2db00702c885cbdc590ff29fe31388ba7f02559030a39ececb91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb43ede-19c4-4bde-860c-78fa7cb0464f\index-dir\the-real-index

MD5 a152de92c8c86a6e8bfc3980a31281a4
SHA1 3f4e26e097d2df8b387210388d2a03c0142fa6bf
SHA256 cf810c46351fb1a72854b3ba0edb48fb734daca4cd82f0f0e0d72d52933ffc84
SHA512 5fd16be2e36c4ee91dcd151760ca70a688b7e4942fdf98f6070493af1db30926447589fe7078f435539bba0c8315d49085cd0a6cfc1e2e42e9f8ad96c9a61133

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 437722222c0f20ff15d3d2d00a825a6e
SHA1 7a9bd5529a89bfee4238084a5e755c46e08ec948
SHA256 eea84ae8c39171af06f890469752891f36f10e20f6479f552e33d22ff70c8980
SHA512 cae398a3290c0e991b7eee56f8d1fd5f0a828e0c247d329a4a59ecbd68f626a7db667c00559be858685e4ee3a525538d5b8bd8ef611f9d0f531997358ec21250

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a4916e58fe28c83e0beabf3d244bc9bb
SHA1 cd85daa83d6d9cd1c982a6b397643e78d84b2a58
SHA256 1eeec2234e49288162def60c989dd58a7fcd1bc193ed49dbaaaae937eef4db54
SHA512 160d29eedb82b35aeaba7de4beb1d0d7d3a95584d729898ba577c6929d599662d55c0ebd37a1af305132db3c2072a6661116a4d2483ffd6dcc37d4f670181b91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7ab4dd30bfcf63a1dda402cc1f86709
SHA1 21113f01e79917408864723e143dc83ee3ba2bce
SHA256 69841e38b50d60b32243a4a88c76ffa782723d2c28ea3d23b4d01d447d33de1f
SHA512 dd7d219176d0b51ff24092d299276065574161287e074a53788d9b05551f0e62a43b86bca73c22a84852ea39eabe6acca4d801bf807d0a59bfb696a682d1617e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cbffd3ed5e77bc304b75d80c260516cc
SHA1 8e2fd90210a38a3a7ac3572525381dd8de293824
SHA256 3a7ea6c0af393b300b12aea15a6aea5cc14f1a2cb02aac9f02aa7c16f4b6b853
SHA512 64a81e6774c192a69dc5763985d8f92440b78cd32dc085aec52ccad9b08f90c8752320a924bbfd676ddb58b8d3bd4e225e4b6c22d09aeb669fc43adce2affbc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\73e57925-15cb-4c04-88a3-ac2b030daa06\index-dir\the-real-index

MD5 165160faec14cc96ebfcf1c42bb122ba
SHA1 d0272d7b18199db690d34ba2946dedfe05c0aa66
SHA256 9e7b76d90508d07c5f6beb2b6b4da7ae3e2f84e16efd6695ba33831dea3cfc41
SHA512 597c1f9a3147491a266825e89499129e051b1e5bfb3ee045834543a36a590a021d9e9d6c4bcc8edaa4653ba653eac81143cf5f76d04aa6d2cebc418278850364

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\73e57925-15cb-4c04-88a3-ac2b030daa06\index-dir\the-real-index~RFe59188f.TMP

MD5 a944161d2ee18a6e2d214a5937bbdba9
SHA1 25feb45808b8825be425fe0042cf363157a2f0cd
SHA256 37a99a1a4003207f4f81c3e0dba2fa21189251092c7a7a262b0ea51c323298eb
SHA512 c1447f382cec52d1ef6d074a6ce03d936fea6829d864d24cd568fcc6948acb69dbe5bb5f1a22704a29dcd7f3a2258bc74d6b0e3b8934b70a612496f261f8e709

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 7e431520f9f78d27181949e4e5523d45
SHA1 7e670d59761c2560a14a015029fc8d0b69e5b9f2
SHA256 49feee37bcd42c2cc315fc87dc61d5dd3a2bd115db94e13445c07fccea28ee3c
SHA512 61b81f2ee22eb4fc87b8499159b6e549152badd9b827d895032a975752a5f79723a1ec9c9a6204d5da94878499d222cae1aca792ca00c047af0581db3e2ed062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0d0af8947d793e560eb8267cefeadd61
SHA1 616ef7cbcedac77e361eb106e086ef24a3a9e4d6
SHA256 0187df87fbb5d7e17328cc57fe03e61c304eca8b51feacdf55beb07913553d8e
SHA512 1717251eb2eb21dda363e69b100dd360a60c03f9b7d098e2ec3546244a5e0212828f1172e7ccdcfce4303e380307099a876e1dc08e6fe88cbf57ffeca3e6c41c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 abb5d2855b728ab36baba37230e8d7d2
SHA1 ad66b735969b4b5e9c2d023922c48ce32e19e59f
SHA256 8b5c78f350ed87d96ec568b8904905d4ba9c554afe5f060bd500722803c05bd2
SHA512 1eaac415d7b89a8b44157370e20c0d47130730e79dbb7a19e4b56d5529d3cd514564d5fff083c541c045d4bf7591aa01994c6b52b30bf0cad30d3b7ce8b2019a