Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-xqhypabb3s
Target f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c
SHA256 f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c

Threat Level: Known bad

The file f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 19:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 19:03

Reported

2023-11-11 19:06

Platform

win10v2004-20231023-en

Max time kernel

167s

Max time network

178s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
PID 2064 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
PID 2064 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe
PID 1696 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
PID 1696 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
PID 1696 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe
PID 3984 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
PID 3984 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
PID 3984 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe
PID 64 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 3224 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3224 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3224 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1980 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1980 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3768 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3768 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4260 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe

"C:\Users\Admin\AppData\Local\Temp\f087736e7cea212ea77f85a8708598038c3eaebdf9892fdf083cbde4fc27149c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14385172312920833495,11718426557982759985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14385172312920833495,11718426557982759985,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10662014693377698873,5877992140340162040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7072976801294191402,16017286195660335893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15391068346201303900,14676520841999436847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15391068346201303900,14676520841999436847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9590546f8,0x7ff959054708,0x7ff959054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7060 -ip 7060

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1525056706512491914,722300833221615621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8952 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 store.steampowered.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 3.210.187.106:443 www.epicgames.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 106.187.210.3.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 32.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 apps.identrust.com udp
NL 92.122.101.8:80 apps.identrust.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 145.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 8.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 172.67.209.38:80 killredls.pw tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 147.121.18.2.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 b.stats.paypal.com udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 157.240.5.35:443 facebook.com tcp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 2.18.121.147:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 2.18.121.145:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 104.244.42.130:443 api.twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fbsbx.com udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-q4fl6nss.googlevideo.com udp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 172.217.131.169:443 rr4---sn-q4fl6nss.googlevideo.com tcp
US 8.8.8.8:53 169.131.217.172.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
JP 23.207.106.113:443 login.steampowered.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

MD5 cdaa0c7c1e5b4ee6f7d02c6c1443edad
SHA1 6964499f4df1b8ed4e5fcc0c5e0b1cc0b49762da
SHA256 ba3af4da8615d3dd434e1af54b07d551af34342429c79c6a84f208b0927f94d7
SHA512 998f3ff1fc28d835d46cbea6af03dada18f2bb4bd8e3e5e5edfff7ca7336aa84875aeeeacb56c2924edbcdc8fde6f8b1f3db9c69ae57ba30d89405e8d9e00161

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VS3oq78.exe

MD5 cdaa0c7c1e5b4ee6f7d02c6c1443edad
SHA1 6964499f4df1b8ed4e5fcc0c5e0b1cc0b49762da
SHA256 ba3af4da8615d3dd434e1af54b07d551af34342429c79c6a84f208b0927f94d7
SHA512 998f3ff1fc28d835d46cbea6af03dada18f2bb4bd8e3e5e5edfff7ca7336aa84875aeeeacb56c2924edbcdc8fde6f8b1f3db9c69ae57ba30d89405e8d9e00161

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

MD5 0971a4148b00ff55ab502d14a7ba5311
SHA1 ebf8496f542ab15f09e72988b7736cb7e9dbb29d
SHA256 dfda99ee9629412e256f6615d36bec3628b079d932a818cb8e38e1be42378f56
SHA512 f23618c057d022d910f96b738841b0825820a8e196e254e478e94355ee083685ec37a21e3b6079afb2618cabb8b118cd0c04c303ecacb2dc6cfe0cb14b433821

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ba5bS34.exe

MD5 0971a4148b00ff55ab502d14a7ba5311
SHA1 ebf8496f542ab15f09e72988b7736cb7e9dbb29d
SHA256 dfda99ee9629412e256f6615d36bec3628b079d932a818cb8e38e1be42378f56
SHA512 f23618c057d022d910f96b738841b0825820a8e196e254e478e94355ee083685ec37a21e3b6079afb2618cabb8b118cd0c04c303ecacb2dc6cfe0cb14b433821

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

MD5 9170157c884a7a7a0f754abd1425aa3d
SHA1 219a0283efbad022851c7c37a0fccd12f69ce057
SHA256 37c89b7342b6ddd789fe85f47320b7e84bdde87c76a1557464c107201e9cbb20
SHA512 c0b36aa6d0caf4a11b454b21bb5a5f6b3e12bdada59fa9eca6dffd44aa230beb5a95d96f0723f38eef96ccca193a4a706954d939f4a209debb9db275f5cebbed

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10DL02lh.exe

MD5 9170157c884a7a7a0f754abd1425aa3d
SHA1 219a0283efbad022851c7c37a0fccd12f69ce057
SHA256 37c89b7342b6ddd789fe85f47320b7e84bdde87c76a1557464c107201e9cbb20
SHA512 c0b36aa6d0caf4a11b454b21bb5a5f6b3e12bdada59fa9eca6dffd44aa230beb5a95d96f0723f38eef96ccca193a4a706954d939f4a209debb9db275f5cebbed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df4fb359f7b2fa8af30bf98045c57c44
SHA1 6d507359e1fd5be8f7c01fd4b291f81cf9561378
SHA256 5ff7efcd90db74ff5a6fa467ba741889306ce510b95db8ebd3d5d292dfe587cc
SHA512 92195f5fe36acb84ce5aeedf8654c2ec1d71ebde1e04a5dbce11df2831c3e085c0cd7132ed2c4bddcc3fd1e546c06021dbe5b7364e86054e6cbd6806e7be0463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_3224_AGHBNCNHTUTDWHTG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

\??\pipe\LOCAL\crashpad_4260_YVMAXPGLEGZIJNOB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97591fc90f2caf7b6e1d3bc7f6f5d8df
SHA1 54e0adafbc5ab296d9ae1ccbe74efee982317bad
SHA256 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122
SHA512 fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e392861720f5b6bb2a72785db5f4d8d
SHA1 71d2a632454fbc29079749429d5dbfc549efa647
SHA256 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5
SHA512 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97591fc90f2caf7b6e1d3bc7f6f5d8df
SHA1 54e0adafbc5ab296d9ae1ccbe74efee982317bad
SHA256 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122
SHA512 fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e392861720f5b6bb2a72785db5f4d8d
SHA1 71d2a632454fbc29079749429d5dbfc549efa647
SHA256 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5
SHA512 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b039b34371a1d5ca5936ef6e9c800f73
SHA1 f0bfdbc866c659b846c1260ceba34c6b7dc3da1e
SHA256 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915
SHA512 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fdd281b86609f3a415730bd6fe3ff0c
SHA1 54b4317549b6dad05775e2bcf40df8efcfe94bd3
SHA256 68cbfdb02debb2650ffd32536f694b13d95e681e57518ee3e5f24095809c7fcd
SHA512 f3aff462505f404442cf336c673c3d7e01edee6e130070866ab8b2eaab0f9cc2d56ce5bbd11fdc6c95c32406f2d694b0c688005e0773212237b9c540e3fb4c25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 812bd4602f885081076f0fc7f173b67a
SHA1 21287783ff3f7c555bd4b3342bf53b1b6934ef53
SHA256 69634985b3edab3768c12ac97d9395600de3b9638fc019c3713f7ca638433f2c
SHA512 1d42cf81294013349c5aaed3148e78a877079a8b7999f3a7d2dc2f3d925219219ba0e6a03d0baf7738bd70de1ce30b48305c139d40688da306319f6416f97e05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b039b34371a1d5ca5936ef6e9c800f73
SHA1 f0bfdbc866c659b846c1260ceba34c6b7dc3da1e
SHA256 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915
SHA512 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 812bd4602f885081076f0fc7f173b67a
SHA1 21287783ff3f7c555bd4b3342bf53b1b6934ef53
SHA256 69634985b3edab3768c12ac97d9395600de3b9638fc019c3713f7ca638433f2c
SHA512 1d42cf81294013349c5aaed3148e78a877079a8b7999f3a7d2dc2f3d925219219ba0e6a03d0baf7738bd70de1ce30b48305c139d40688da306319f6416f97e05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97591fc90f2caf7b6e1d3bc7f6f5d8df
SHA1 54e0adafbc5ab296d9ae1ccbe74efee982317bad
SHA256 0c2d739749488ed384b8675c0d6a9c1d18ce3b2ec7bae0c5d344dfeac5028122
SHA512 fcc92a16df71eee1e761840aa6a813c0304df5a1f69f9823c80745268173907b28b9bb415496d1bca606d7b74399d9d0d89e52acdeeba0fd13ebb31a8b1ca688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e392861720f5b6bb2a72785db5f4d8d
SHA1 71d2a632454fbc29079749429d5dbfc549efa647
SHA256 36ccf1ad72558f95a5c2beac41bd447a9567de990354017c7b98b1f197c219b5
SHA512 58409792bb7324e0e9420995dd40f06059074ddfd1cf781d2ddd3ee8896733a3945a977b53c03e0a0b08c0c948dbb4103a705b092a9f49d0328190e4836b51ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84df16093540d8d88a327b849dd35f8c
SHA1 c6207d32a8e44863142213697984de5e238ce644
SHA256 220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA512 3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

MD5 26a58cbe0a44ec2f6ccd714c8cb30f0b
SHA1 9b1c5d796f7a943f8e36128cefadd8c8e54a6631
SHA256 6554ce03263623ded065dd2349551be0bf816199bc91553c5f8c594b55ae0b14
SHA512 439a75c04ecd38d7164e6364eb582f672c347c2313831fde8f69898ba68b4766e62c6162db9459b7dda6d351395cdfe83f330951b303e9d1893149f879114905

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11MB7620.exe

MD5 26a58cbe0a44ec2f6ccd714c8cb30f0b
SHA1 9b1c5d796f7a943f8e36128cefadd8c8e54a6631
SHA256 6554ce03263623ded065dd2349551be0bf816199bc91553c5f8c594b55ae0b14
SHA512 439a75c04ecd38d7164e6364eb582f672c347c2313831fde8f69898ba68b4766e62c6162db9459b7dda6d351395cdfe83f330951b303e9d1893149f879114905

memory/7060-187-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7060-192-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7060-191-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7060-203-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12tW848.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/5492-217-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

MD5 e5ee7dbfec6433859f0f737b2e2056e6
SHA1 6bfda79b666acf86014f9af8a9bbd9de9b126b1c
SHA256 e81216b5f783b3373dec0a91aa95afc427f7e77c1365e222064b1392abfda80b
SHA512 c8326c1f3732cc3babc649d84684e52d5ce998eb28d618db98de84a64af945ef0e96d47be95305ad9fd606e8336cc26b277b14f295ffa05501b56ab53c8a038b

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13sy955.exe

MD5 e5ee7dbfec6433859f0f737b2e2056e6
SHA1 6bfda79b666acf86014f9af8a9bbd9de9b126b1c
SHA256 e81216b5f783b3373dec0a91aa95afc427f7e77c1365e222064b1392abfda80b
SHA512 c8326c1f3732cc3babc649d84684e52d5ce998eb28d618db98de84a64af945ef0e96d47be95305ad9fd606e8336cc26b277b14f295ffa05501b56ab53c8a038b

memory/5492-222-0x0000000073790000-0x0000000073F40000-memory.dmp

memory/5732-223-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5492-226-0x0000000007DA0000-0x0000000008344000-memory.dmp

memory/5732-228-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5732-225-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5732-224-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5492-229-0x0000000007890000-0x0000000007922000-memory.dmp

memory/5492-236-0x0000000007850000-0x0000000007860000-memory.dmp

memory/5492-239-0x0000000007A30000-0x0000000007A3A000-memory.dmp

\??\pipe\LOCAL\crashpad_3768_CGUSDARFBDBKBTAB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5492-265-0x0000000008970000-0x0000000008F88000-memory.dmp

memory/5492-266-0x0000000007BD0000-0x0000000007CDA000-memory.dmp

memory/5492-267-0x0000000007B00000-0x0000000007B12000-memory.dmp

memory/5492-271-0x0000000007B60000-0x0000000007B9C000-memory.dmp

memory/5492-274-0x0000000007CE0000-0x0000000007D2C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b039b34371a1d5ca5936ef6e9c800f73
SHA1 f0bfdbc866c659b846c1260ceba34c6b7dc3da1e
SHA256 7d23ca2aaedcce11419606216658a8203668a813fb213a14d26061cd3aa6a915
SHA512 2d3766fd159e2b92cd6d81bb2980009c3d16751f8d584fa949ba39af175062fcffb458e39eb2096f0480c672e364ff0c9cb397dad7c000b86c6b161632433a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21d77613e1ace371173d955acdf8a8cb
SHA1 1880b5d09e417f842537cbe9fd6390c522aceb56
SHA256 fb5c0d679651b37ee5e325f705f29bbbd4ff9767a11928dc230ad5a6a138ed08
SHA512 e2cd3a9dc3d363af776847b99a35e6dbd8676c170f24fef120ed4e35d53550221c769e2189e7be66b075f38ac0e08c18cd165423f9f6a637854a762ae1e863b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 439c97b7633080e083fab7fde6e2a0cb
SHA1 1bcbf6584f8c712c7605ffc9c1b73b7d4b205e36
SHA256 b310e886b740056b6ad92f51e26fe6b1cbc8214928323299e7d0ce5d12d2d481
SHA512 8006eb7289298131a0f42acb9b54e7369c3b36536a5369864eb9f5326ccbb597dd2841cd0b50acdadbc07a037034c9c8ec9467809f4c791679ee54cc08ca22e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 918ecd7940dcab6b9f4b8bdd4d3772b2
SHA1 7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4
SHA256 3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175
SHA512 c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

\??\pipe\LOCAL\crashpad_1980_JTVCDGGMCOQQBAUJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1204_HNECYHKMEINQYINJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21d77613e1ace371173d955acdf8a8cb
SHA1 1880b5d09e417f842537cbe9fd6390c522aceb56
SHA256 fb5c0d679651b37ee5e325f705f29bbbd4ff9767a11928dc230ad5a6a138ed08
SHA512 e2cd3a9dc3d363af776847b99a35e6dbd8676c170f24fef120ed4e35d53550221c769e2189e7be66b075f38ac0e08c18cd165423f9f6a637854a762ae1e863b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585704.TMP

MD5 2da2912ca9325c03ed7d5bee2f755aef
SHA1 dbef92e58665a39460a3c8315556a1b47198ea4b
SHA256 b1070209be695dae066b6f92337681351485f758b91b1c038ddd0bbbff4957ea
SHA512 4d249f5b5473211a88800e39cc9ddf7c7e91577d5c5b2aafe5cffd05aa4e3d72f7bf3b5ff52273f03ed62c9f7b6736546dee2e6c3a63873bc9f99dbe3beb5dfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 334991e87ec086e7f0c506c6580a78bf
SHA1 f43189b5e3c06199d491636f63a94d838f7d3fc9
SHA256 895a65f969eb4fe7215e1cdfd2495c468e08f89b67ca19375ac65bbd6f74654c
SHA512 297c44613f034df218f26bfbd6c15b207253580b530b516be0f9fab2cc3a626ae0724e516b8abe34f63d9dce95f673f34a30dac0a1f4cb72c5420e161f860130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/5492-540-0x0000000073790000-0x0000000073F40000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84c93530851b5276cf196d76ad843152
SHA1 0d175ded434d3a10cbda560059419e9c84222cb3
SHA256 ca8b09c3818f0455217d789a670240f5882cc76ef27a8b5138b6ce1bc4a2cbdd
SHA512 1de0ad9182e849c851b5ea9074dfba721df83841d063e7fb6be5d98e79d2357b5204d39c88b2ace6dda991b132962e1aa49f58eb2480d3f5bd1f1d94be4e2aa0

memory/5492-583-0x0000000007850000-0x0000000007860000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b163468d8e69f87bf947f30a320f45bd
SHA1 3253c90eff03c51770e0fcf029344bbe67ea6c85
SHA256 5e43668e3fdd77be6785b62aaf1345e9ec47af561634b41773953644e49003bf
SHA512 70fcb41c9c945c46157adb95f38f49b1aadc4c61677feac0c8fc5749bbdfb41bb52d7c464b3e24d4051a58d68a9019028193708a217063475b944ef5a2be8725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c95cbd0258761ca7de85eb6e5e1d37a7
SHA1 b9ea27af6c1030a29aa1f6935b92087588112377
SHA256 3240c7e385f8727fada50ecad1ead863af8dfa11fa1fa39e02f9e0c2c25aebff
SHA512 945a87448243e156a40e7eb07ead108b9fc92419dd25ec145d81ce59a1f1bd36944df7d6efbc4c779a12598e73a69f4ee5bd2a5a8b073885797324581b783805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1a8c9030d652d013a566bcb5fbc4eb5e
SHA1 59ec41965d4fdecf52666b85f80f129ca9c06056
SHA256 00e2ee189f1d7d175f87e29eedac4682d41d5260d7708d3be81860b001a50c55
SHA512 599f801ae154a5f3e336fe88ca6e1308da5f48fae6439d5dfd180ebce502083904fade9269d2ed3074c1cf6a21fe0ef7a15d7260e014b07ddf3d153146139330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 391fb5ee8577281ebf6ca7a162896fdb
SHA1 8f2180dcb36db9ba9ea91a74b9affeef004facd7
SHA256 9de454514fd12aa9dab9641733d2f42391df626e4822127dce5feba8bf32ea8c
SHA512 0b89a368c74bb09ed86a86ec1afa4e93a517b708e6162832a8dd07f3a4ca158f76ddd7e1044e6d1660b43b41a15a57f3a7bb8cb98fd2f17e6e816a5256b7cb3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21fc35e82a35a6f1fa47cac16b2425cb
SHA1 d4493940e82160f7b34464995a449f3524c134e2
SHA256 359475d626709a9d98471c54e61ed3f4588b26da47bc74f3cad5b5da12da9772
SHA512 96ca58032cdcc6b01cab7c0097ac3cec5f662fdc35173bc29422abebc684a7acc7cbd723651bf282a56a66d27deaf74cd77eed43ed016288ed84e1e61fe0ea35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 cc7d6d7a27518e76b1d21921e8524112
SHA1 645b2da43f9eed5f317a70b7507afd8dba40c48f
SHA256 5cef88167993049bd738fd174b9a88aea7bb63fe4a5fbb382cfed58840102322
SHA512 ffd703a23b57d8cad3f35feb99a20f7ea1f2d635a1c71d922619199bae0d314c9f5e8ea4b5de6130ef063d71c719a4d1947b065e40aa98db2e32393d16b001a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe589ad4.TMP

MD5 3630968cc1b0e95e37a700b73b02c8f6
SHA1 fcde8a54a32eab59ec6a639d7e688ccf7d8674db
SHA256 79877bafe6dae8910796cb2e7448fb4197ab4698667792b2a645f8e81ef9f14b
SHA512 bbf21b2fe1595f3ed018aec546ee6d65e556d184ce165e1f0b3d2d6e1fa0304c4b2b37ab88472dd827e4335288d36a626459f7caeab21829a5bb90b711bb4708

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 affced455307bd24b04e78df3db4d18e
SHA1 71bdd6735c6cf8c3a61c648513187d71b0186908
SHA256 5226ed10033263386f7cf80143b142fd70b5873137bd6de34a0b7263cd918672
SHA512 a834aeac804b61d2b8ea258443988f5cd21a7a7532d3e21532099d2f54f53ddd669fe766ea99f493aee9c26bb2601c3e847e6c9331f89961d7696573d6ce19f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d7aa288a2bbe12a89fb142a4117f4432
SHA1 7c8ae0e14215018144368796f82ec491ba53611c
SHA256 78243be2ebaac569bfe8fdb8577b87f9975091e2abaf783e6645d38361007356
SHA512 d32a84a7c0f35a6f799ab1fde7f653efb0aafcf36331ec99855eef054d61965fc61414015736de9e91cfba379ac1ac59ce91de9282fad5aeb2551f668656fd1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0abbcb034228eda88a9976e267e2a1c
SHA1 6562400cc45b22852118d02f3690401eb633f9cb
SHA256 3be737cfffb261ec4c8c68146532ec5ebc48465e4848bdd596a8dbd3493101fb
SHA512 183c9715ae70110034b2f94225a78cf09c310d42e1fe7314581e9339b35539d1987c99279b92785025263c59288c1e74d5fd3e8f90a5a04422e5514c3fe1961b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b48b27547026f2f9d16700b549ef791
SHA1 3e3e4aa4a6e83bfc61f75243a02c0a48815d94f8
SHA256 be1874ba9ba9594c158ee2e26bdd9ac8463774a8d3563e2c5f408a33e61f701d
SHA512 268e228f531e70e3f2e3a68b0ec7c00d443d079d2d2224807db11c4a09b310bc7fe9d23fc213dd188b53911df0dce77dd4892081439ee86b592c493f9dfde8b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 49431f0d30837d81b938a3a20edaddc1
SHA1 7c870e0b52311eec8ce3930495bbe41c6e3944cd
SHA256 6e6cbb659cdfadcf52e5c6cf84f4089049c05342b12b96895804d586c146b35d
SHA512 cbe897d0c9606d0a38c0877f0978bc1efad5486f9483fea297c1cf3620c24570df762c111c29693075613b05bb4a8ba4602349efb57cc79e40b646570bc54e39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e5c7.TMP

MD5 5842df4d6c1e5206e3836360d450f825
SHA1 e0e47c1120bb4d2841a64d23bcfd96521b316a44
SHA256 83f64812365b9a6138508671e718453f3b4e82edd09fea2159eab4c824744107
SHA512 0f1e0daf0be0e83ea807671a83b44644a93abdd617658771c977bdfaf3748b516c9003eba91e970a7125fff6cc9c547530c21178814008ac05aa556f8c99079a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 94318bb5171ca0c19f98aea6a8f6b25e
SHA1 a2c36bbb7e5730fe3c8a38c5cd777552fb38addf
SHA256 6470c0d9ad3189f0b1caf8a323cf6d02bed2af9900efc16cdeee6781e28fc157
SHA512 dbba94d0301ab57fcadf6994c5ff2ce37a2d25d8c8d5021afbcf616673f8e3fbfe51aca53c3256f4b0e34fb1b52fcbfe76e4f41711b898289ee7f874adaa0cd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index-dir\the-real-index

MD5 e8ff06115c38fa35c38f556462a20c0d
SHA1 946260f169287e762e62a08380f7b5c31f064c85
SHA256 879eab025a18d61f14d6f3b175d5ad059e83f04389baf4e5f9f084e3bb2660fa
SHA512 0ad40bec2bbedbf6ac368d31258c20ddf66226305e2a709053b3b70b2c16ca1009a62490337d0eba47084246c32488cd228b87234caa45034e5324a996f7dbba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\fec51264-bf72-49b3-9fe7-908e0d9e26d2\index-dir\the-real-index~RFe58f076.TMP

MD5 4d7fc4f5e268600c66eed8eba9d8fb1b
SHA1 7c221d703e749fbf5e68cd6e4e2caf3f098fdd3b
SHA256 5a54bec71877e48538eb2c79a62aebdb11ea63a27f07e02f9a493b303cef5fc1
SHA512 ffca357079c3ee145d0476633091ad96685d6e6607f6f9751230384e0024a365a67b194be9d73f3ad2f730b55b7a0a250581d7daaa79d3836aa3d30bbd9db851

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b05c26caef67b9e822271b2a734fbf7
SHA1 b62ea0bb0811abe010b9f6a5b39c0e57f71da967
SHA256 4832b3fc1f1aaafb53fa26e1c5d01ffac9c26a9f1a59c153139b862a9b5fc98a
SHA512 7f6a36e0d55893fe50e1e90fa4bd65ffd71d2acffdcdf038bfe75625c8c360b4a552f590f74f47be7f209e957de74e651b06d8aa4d3eece145f10de0a5837ed5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 188396128fbf94ba133982b38524575d
SHA1 f3b21ba6cf61b6e882dd1d7693047cb8922e9431
SHA256 453a142a343743e3af0123791307f462cb4df8fb3eae1208ef34aa2f813e58b5
SHA512 f1ddc199a83c6a0aeaa83cd50e67ea9d2b624145a128ffc91c83d9b787b8fcc47c5ab504906be9765a91abc043174df8a326c474e0b12325e01309c63d456a4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49cd763c-52a7-4e66-94a5-b52def34b480\index-dir\the-real-index~RFe591757.TMP

MD5 3a69cc06eb35c0f719e26b8f54ebb187
SHA1 9ff68426bbca9926d3e1a64595874e73eba3f790
SHA256 73e415112314d8d903ff977c01f1c305dc35b5231d1dafa5736bc1f9ed469c54
SHA512 9ea373f3a172d9810a4c1b8ddc087fcc21aefac3376d35ea0737dd31c1ff622c5a5c34049524496c6f63ccf5e4f8a084643cb44e27987d6247a5e4a13c85ac3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49cd763c-52a7-4e66-94a5-b52def34b480\index-dir\the-real-index

MD5 f3b9f0ada65e18b9bda07b99d2cd9d69
SHA1 3e74fb369c62cddad101e1db22d936a289acca59
SHA256 46320ad1e46ce17ab144100ec9c983d1d9693162d352830c7f0ad1fbce83908b
SHA512 362b4e7eaf19456775fef0c9d307f97fa2abf005417fd9ca981b7719cf0faef20e76af784960e5e16da24f72893f4710e7b554c9fc77fbee338aa452a5ada2f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aedc74e484d1c1b953ba4d158a166d44
SHA1 39612015d5e62548c3965594877223d7a4ad6df8
SHA256 d67b624ab48124a5cd1e5d05e01cf3ec22db09c51277ff38c44488e3c61f5449
SHA512 f0dcc866d2642f9877aac283e2460fb3d981d1eefedca53b82160f2a6b232dbedfef72c018462eab4a93f8a368e782110571acf56d2d39cecf71d892085b943a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5005afd06ee1d677b35153e7b1d6bad2
SHA1 4af5a963afe3fbe4f97ecab10261fa587dc1b496
SHA256 36ffd498d9eacc7fbe894dc6087da6bf790efb41259481ed1b045790df844c8a
SHA512 114396808afb1dece162fa7a0a45e54339c176febd678931ce67b516f3be1a8b604963ac28e4c3cba7e91483d8d0df7faf32a75972fa2af92e922c62a8bf30b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da1d1342a9b67ed1a0948d6960d5b285
SHA1 8c00be894a0bf236dad4de0e51c1ca12a6075ae3
SHA256 d7eb9e112fcfffcf308018af45e8a22b53bb471475f09fa75768200955a61f9e
SHA512 89d755e295f04d3ae83717d7a737db305869c9a1c9445845d54114c019ef14c14b9d94d67543b07cd72763aa90f5cea9f5f338eca3983c7ea5e52cbe4e79d7ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7ce0e0f8-7720-461f-b3c1-e4935bf545b0\index-dir\the-real-index~RFe5969cc.TMP

MD5 bf499e8adbafd23f38a2a1f5d97eb5dd
SHA1 0b720aa7229ed3b508cdab72584c53e69ef328d2
SHA256 8b8e53673708a8d5a3d5c7a7cd694be58f5ef4cb7ded666106c0dddc90e193ab
SHA512 f25627873ad5592929ad477baff4ff16ad9efc2b88a7d705981ee9ba01b9a6775b00704bc0cb0a48f9674be9547ac5eca0265d2b2882a73d9db2d35075b43dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7ce0e0f8-7720-461f-b3c1-e4935bf545b0\index-dir\the-real-index

MD5 c084e9c61413baad5ec26c9ddca4564f
SHA1 3ecdffbecd617fd1c67d4cc60f7c56dd5ae110ed
SHA256 f4941fe2ac8bcd9c7fbb5f70cbe0ae5f3fe0acbe2c03ec24f297ad62a092869d
SHA512 50333e2e6b34422b9f6060458f66a590eba8e483b690d9687e075257017c2741c29bb0fc2bf26667eb9e0a3f911b124165804c6cbb3225c1738d4e57bb13e536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 37032262ef98ae304cc6b8df32ad0d5e
SHA1 cfa34d529bb8e30b15f6078ab9ff602788a7511f
SHA256 b49c320a69c80ef911f8b4ae856ef67a00a0cfac84dc05eeab0783ae34b37d6a
SHA512 0a02c530ebf7db1593e9af0e07cf7e62bd9ee6c2e4ffcc4259e9d8d7f5b8d2b9e5d3f7f1c2c20c2b24893f05f3b40e6e2dc23fd42a1e3a3bbab508977d58c790