Malware Analysis Report

2024-11-13 19:11

Sample ID 231111-ya8d3sca34
Target 94872dd4149a32ad0df4f44d402bd271.exe
SHA256 e9ac578be907dd8620c4f07a14093563ea4fb9b43d0342547ffdc9ff9d7ffe98
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 94872dd4149a32ad0df4f44d402bd271.exe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

Detect Mystic stealer payload

Mystic

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2023-11-11 19:36

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 19:36

Reported

2023-11-11 19:38

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\94872dd4149a32ad0df4f44d402bd271.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sZ4XK41.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sd1HE08.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\94872dd4149a32ad0df4f44d402bd271.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5028 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\94872dd4149a32ad0df4f44d402bd271.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sZ4XK41.exe
PID 1692 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sZ4XK41.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sd1HE08.exe
PID 2008 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sd1HE08.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe
PID 4556 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 3500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4116 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4408 wrote to memory of 1576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4156 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5052 wrote to memory of 3392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\94872dd4149a32ad0df4f44d402bd271.exe

"C:\Users\Admin\AppData\Local\Temp\94872dd4149a32ad0df4f44d402bd271.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sZ4XK41.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\sZ4XK41.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sd1HE08.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sd1HE08.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10mK72Gp.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x144,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10833796001621992625,13683325855180878020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13269052953928472595,5286463180307956294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10833796001621992625,13683325855180878020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13269052953928472595,5286463180307956294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3030338154212867336,16797206233953303308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16519081460892304672,8847517760977717557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3030338154212867336,16797206233953303308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16519081460892304672,8847517760977717557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,8044292184578684429,6844169985034221693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x104,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9e5bc46f8,0x7ff9e5bc4708,0x7ff9e5bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11Dt1708.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11Dt1708.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12uI813.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12uI813.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6780 -ip 6780

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13QR385.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13QR385.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7953799639774650226,8302881765819660886,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 483924abaaa7ce1345acd8547cfe77f4
SHA1 4190d880b95d9506385087d6c2f5434f0e9f63e8
SHA256 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684
SHA512 e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

\??\pipe\LOCAL\crashpad_4056_SBZHBTKIVEYLRHCZ

\??\pipe\LOCAL\crashpad_4116_ZQNLRMQBSTYGMNQQ

\??\pipe\LOCAL\crashpad_2840_LAHRPLJJQUOOEBNF

\??\pipe\LOCAL\crashpad_4408_GOKEXLPNRDXBYUMH

\??\pipe\LOCAL\crashpad_4156_GSGRGOHSYQUORMGE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11Dt1708.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12uI813.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13QR385.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582844.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe583498.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8a035ef3-e944-45ff-8251-16d069062b5c\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5882b8.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2aaf2af6-83e9-4bf7-8ba1-321e195216a5\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2aaf2af6-83e9-4bf7-8ba1-321e195216a5\index-dir\the-real-index~RFe588a0b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\29187035-e250-4e18-b7cf-77b20db08329\index-dir\the-real-index~RFe58fc5c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\29187035-e250-4e18-b7cf-77b20db08329\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b8fae3c9-c29b-423e-8440-0defdd16acd8\index-dir\the-real-index~RFe5902c5.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b8fae3c9-c29b-423e-8440-0defdd16acd8\index-dir\the-real-index
