Analysis Overview
SHA256
f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c
Threat Level: Known bad
The file f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c was found to be: Known bad.
Malicious Activity Summary
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Detected potential entity reuse from brand paypal.
AutoIT Executable
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 19:03
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 19:03
Reported
2023-11-11 19:06
Platform
win10v2004-20231023-en
Max time kernel
167s
Max time network
178s
Signatures
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6856 set thread context of 7060 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7148 set thread context of 5492 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 5696 set thread context of 5732 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
| MD5 | cdaa0c7c1e5b4ee6f7d02c6c1443edad |
| SHA1 | 6964499f4df1b8ed4e5fcc0c5e0b1cc0b49762da |
| SHA256 | ba3af4da8615d3dd434e1af54b07d551af34342429c79c6a84f208b0927f94d7 |
| SHA512 | 998f3ff1fc28d835d46cbea6af03dada18f2bb4bd8e3e5e5edfff7ca7336aa84875aeeeacb56c2924edbcdc8fde6f8b1f3db9c69ae57ba30d89405e8d9e00161 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
| MD5 | cdaa0c7c1e5b4ee6f7d02c6c1443edad |
| SHA1 | 6964499f4df1b8ed4e5fcc0c5e0b1cc0b49762da |
| SHA256 | ba3af4da8615d3dd434e1af54b07d551af34342429c79c6a84f208b0927f94d7 |
| SHA512 | 998f3ff1fc28d835d46cbea6af03dada18f2bb4bd8e3e5e5edfff7ca7336aa84875aeeeacb56c2924edbcdc8fde6f8b1f3db9c69ae57ba30d89405e8d9e00161 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
| MD5 | 0971a4148b00ff55ab502d14a7ba5311 |
| SHA1 | ebf8496f542ab15f09e72988b7736cb7e9dbb29d |
| SHA256 | dfda99ee9629412e256f6615d36bec3628b079d932a818cb8e38e1be42378f56 |
| SHA512 | f23618c057d022d910f96b738841b0825820a8e196e254e478e94355ee083685ec37a21e3b6079afb2618cabb8b118cd0c04c303ecacb2dc6cfe0cb14b433821 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
| MD5 | 0971a4148b00ff55ab502d14a7ba5311 |
| SHA1 | ebf8496f542ab15f09e72988b7736cb7e9dbb29d |
| SHA256 | dfda99ee9629412e256f6615d36bec3628b079d932a818cb8e38e1be42378f56 |
| SHA512 | f23618c057d022d910f96b738841b0825820a8e196e254e478e94355ee083685ec37a21e3b6079afb2618cabb8b118cd0c04c303ecacb2dc6cfe0cb14b433821 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
| MD5 | 9170157c884a7a7a0f754abd1425aa3d |
| SHA1 | 219a0283efbad022851c7c37a0fccd12f69ce057 |
| SHA256 | 37c89b7342b6ddd789fe85f47320b7e84bdde87c76a1557464c107201e9cbb20 |
| SHA512 | c0b36aa6d0caf4a11b454b21bb5a5f6b3e12bdada59fa9eca6dffd44aa230beb5a95d96f0723f38eef96ccca193a4a706954d939f4a209debb9db275f5cebbed |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
| MD5 | 9170157c884a7a7a0f754abd1425aa3d |
| SHA1 | 219a0283efbad022851c7c37a0fccd12f69ce057 |
| SHA256 | 37c89b7342b6ddd789fe85f47320b7e84bdde87c76a1557464c107201e9cbb20 |
| SHA512 | c0b36aa6d0caf4a11b454b21bb5a5f6b3e12bdada59fa9eca6dffd44aa230beb5a95d96f0723f38eef96ccca193a4a706954d939f4a209debb9db275f5cebbed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | df4fb359f7b2fa8af30bf98045c57c44 |
| SHA1 | 6d507359e1fd5be8f7c01fd4b291f81cf9561378 |
| SHA256 | 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc |
| SHA512 | 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
\??\pipe\LOCAL\crashpad_3224_AGHBNCNHTUTDWHTG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
\??\pipe\LOCAL\crashpad_4260_YVMAXPGLEGZIJNOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97591fc90f2caf7b6e1d3bc7f6f5d8df |
| SHA1 | 54e0adafbc5ab296d9ae1ccbe74efee982317bad |
| SHA256 | 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122 |
| SHA512 | fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e392861720f5b6bb2a72785db5f4d8d |
| SHA1 | 71d2a632454fbc29079749429d5dbfc549efa647 |
| SHA256 | 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5 |
| SHA512 | 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97591fc90f2caf7b6e1d3bc7f6f5d8df |
| SHA1 | 54e0adafbc5ab296d9ae1ccbe74efee982317bad |
| SHA256 | 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122 |
| SHA512 | fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e392861720f5b6bb2a72785db5f4d8d |
| SHA1 | 71d2a632454fbc29079749429d5dbfc549efa647 |
| SHA256 | 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5 |
| SHA512 | 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b039b34371a1d5ca5936ef6e9c800f73 |
| SHA1 | f0bfdbc866c659b846c1260ceba34c6b7dc3da1e |
| SHA256 | 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915 |
| SHA512 | 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fdd281b86609f3a415730bd6fe3ff0c |
| SHA1 | 54b4317549b6dad05775e2bcf40df8efcfe94bd3 |
| SHA256 | 68cbfdb02debb2650ffd32536f694b13d95e681e57518ee3e5f24095809c7fcd |
| SHA512 | f3aff462505f404442cf336c673c3d7e01edee6e130070866ab8b2eaab0f9cc2d56ce5bbd11fdc6c95c32406f2d694b0c688005e0773212237b9c540e3fb4c25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 812bd4602f885081076f0fc7f173b67a |
| SHA1 | 21287783ff3f7c555bd4b3342bf53b1b6934ef53 |
| SHA256 | 69634985b3edab3768c12ac97d9395600de3b9638fc019c3713f7ca638433f2c |
| SHA512 | 1d42cf81294013349c5aaed3148e78a877079a8b7999f3a7d2dc2f3d925219219ba0e6a03d0baf7738bd70de1ce30b48305c139d40688da306319f6416f97e05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b039b34371a1d5ca5936ef6e9c800f73 |
| SHA1 | f0bfdbc866c659b846c1260ceba34c6b7dc3da1e |
| SHA256 | 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915 |
| SHA512 | 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 812bd4602f885081076f0fc7f173b67a |
| SHA1 | 21287783ff3f7c555bd4b3342bf53b1b6934ef53 |
| SHA256 | 69634985b3edab3768c12ac97d9395600de3b9638fc019c3713f7ca638433f2c |
| SHA512 | 1d42cf81294013349c5aaed3148e78a877079a8b7999f3a7d2dc2f3d925219219ba0e6a03d0baf7738bd70de1ce30b48305c139d40688da306319f6416f97e05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97591fc90f2caf7b6e1d3bc7f6f5d8df |
| SHA1 | 54e0adafbc5ab296d9ae1ccbe74efee982317bad |
| SHA256 | 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122 |
| SHA512 | fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e392861720f5b6bb2a72785db5f4d8d |
| SHA1 | 71d2a632454fbc29079749429d5dbfc549efa647 |
| SHA256 | 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5 |
| SHA512 | 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84df16093540d8d88a327b849dd35f8c |
| SHA1 | c6207d32a8e44863142213697984de5e238ce644 |
| SHA256 | 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c |
| SHA512 | 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe
| MD5 | 26a58cbe0a44ec2f6ccd714c8cb30f0b |
| SHA1 | 9b1c5d796f7a943f8e36128cefadd8c8e54a6631 |
| SHA256 | 6554ce03263623ded065dd2349551be0bf816199bc91553c5f8c594b55ae0b14 |
| SHA512 | 439a75c04ecd38d7164e6364eb582f672c347c2313831fde8f69898ba68b4766e62c6162db9459b7dda6d351395cdfe83f330951b303e9d1893149f879114905 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe
| MD5 | 26a58cbe0a44ec2f6ccd714c8cb30f0b |
| SHA1 | 9b1c5d796f7a943f8e36128cefadd8c8e54a6631 |
| SHA256 | 6554ce03263623ded065dd2349551be0bf816199bc91553c5f8c594b55ae0b14 |
| SHA512 | 439a75c04ecd38d7164e6364eb582f672c347c2313831fde8f69898ba68b4766e62c6162db9459b7dda6d351395cdfe83f330951b303e9d1893149f879114905 |
memory/7060-187-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7060-192-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7060-191-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7060-203-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe
| MD5 | 6c48bad9513b4947a240db2a32d3063a |
| SHA1 | a5b9b870ce2d3451572d88ff078f7527bd3a954a |
| SHA256 | 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8 |
| SHA512 | 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe
| MD5 | 6c48bad9513b4947a240db2a32d3063a |
| SHA1 | a5b9b870ce2d3451572d88ff078f7527bd3a954a |
| SHA256 | 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8 |
| SHA512 | 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f |
memory/5492-217-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe
| MD5 | e5ee7dbfec6433859f0f737b2e2056e6 |
| SHA1 | 6bfda79b666acf86014f9af8a9bbd9de9b126b1c |
| SHA256 | e81216b5f783b3373dec0a91aa95afc427f7e77c1365e222064b1392abfda80b |
| SHA512 | c8326c1f3732cc3babc649d84684e52d5ce998eb28d618db98de84a64af945ef0e96d47be95305ad9fd606e8336cc26b277b14f295ffa05501b56ab53c8a038b |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe
| MD5 | e5ee7dbfec6433859f0f737b2e2056e6 |
| SHA1 | 6bfda79b666acf86014f9af8a9bbd9de9b126b1c |
| SHA256 | e81216b5f783b3373dec0a91aa95afc427f7e77c1365e222064b1392abfda80b |
| SHA512 | c8326c1f3732cc3babc649d84684e52d5ce998eb28d618db98de84a64af945ef0e96d47be95305ad9fd606e8336cc26b277b14f295ffa05501b56ab53c8a038b |
memory/5492-222-0x0000000073790000-0x0000000073F40000-memory.dmp
memory/5732-223-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5492-226-0x0000000007DA0000-0x0000000008344000-memory.dmp
memory/5732-228-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5732-225-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5732-224-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5492-229-0x0000000007890000-0x0000000007922000-memory.dmp
memory/5492-236-0x0000000007850000-0x0000000007860000-memory.dmp
memory/5492-239-0x0000000007A30000-0x0000000007A3A000-memory.dmp
\??\pipe\LOCAL\crashpad_3768_CGUSDARFBDBKBTAB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5492-265-0x0000000008970000-0x0000000008F88000-memory.dmp
memory/5492-266-0x0000000007BD0000-0x0000000007CDA000-memory.dmp
memory/5492-267-0x0000000007B00000-0x0000000007B12000-memory.dmp
memory/5492-271-0x0000000007B60000-0x0000000007B9C000-memory.dmp
memory/5492-274-0x0000000007CE0000-0x0000000007D2C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b039b34371a1d5ca5936ef6e9c800f73 |
| SHA1 | f0bfdbc866c659b846c1260ceba34c6b7dc3da1e |
| SHA256 | 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915 |
| SHA512 | 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21d77613e1ace371173d955acdf8a8cb |
| SHA1 | 1880b5d09e417f842537cbe9fd6390c522aceb56 |
| SHA256 | fb5c0d679651b37ee5e325f705f29bbbd4ff9767a11928dc230ad5a6a138ed08 |
| SHA512 | e2cd3a9dc3d363af776847b99a35e6dbd8676c170f24fef120ed4e35d53550221c769e2189e7be66b075f38ac0e08c18cd165423f9f6a637854a762ae1e863b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 439c97b7633080e083fab7fde6e2a0cb |
| SHA1 | 1bcbf6584f8c712c7605ffc9c1b73b7d4b205e36 |
| SHA256 | b310e886b740056b6ad92f51e26fe6b1cbc8214928323299e7d0ce5d12d2d481 |
| SHA512 | 8006eb7289298131a0f42acb9b54e7369c3b36536a5369864eb9f5326ccbb597dd2841cd0b50acdadbc07a037034c9c8ec9467809f4c791679ee54cc08ca22e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 918ecd7940dcab6b9f4b8bdd4d3772b2 |
| SHA1 | 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4 |
| SHA256 | 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175 |
| SHA512 | c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
\??\pipe\LOCAL\crashpad_1980_JTVCDGGMCOQQBAUJ
\??\pipe\LOCAL\crashpad_1204_HNECYHKMEINQYINJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585704.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe589ad4.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e5c7.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index-dir\the-real-index~RFe58f076.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49cd763c-52a7-4e66-94a5-b52def34b480\index-dir\the-real-index~RFe591757.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49cd763c-52a7-4e66-94a5-b52def34b480\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7ce0e0f8-7720-461f-b3c1-e4935bf545b0\index-dir\the-real-index~RFe5969cc.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7ce0e0f8-7720-461f-b3c1-e4935bf545b0\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt