Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-zbw8wacb67
Target 9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc
SHA256 9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc

Threat Level: Known bad

The file 9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

RedLine

Mystic

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:33

Reported

2023-11-11 20:35

Platform

win10v2004-20231023-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1396 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe
PID 1396 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe
PID 1396 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe
PID 3364 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe
PID 3364 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe
PID 3364 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe
PID 2864 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe
PID 2864 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe
PID 2864 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe
PID 3008 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3000 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3000 wrote to memory of 3516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3784 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3784 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1600 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1600 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 2560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 2560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 4144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 4144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3068 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3068 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1592 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe

"C:\Users\Admin\AppData\Local\Temp\9778a0701e781d740705fb88ea0f715dd514c82b668169a5c528c003ecc409cc.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,18144363947614139177,47046888824685535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,18144363947614139177,47046888824685535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6235091045955732863,10049693524340620697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6235091045955732863,10049693524340620697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,9215532224350715855,15798557649821468394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,9215532224350715855,15798557649821468394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16586813241164828177,5167385703836172218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16586813241164828177,5167385703836172218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,5204451974678667772,18182623451150807028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffba54c46f8,0x7ffba54c4708,0x7ffba54c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,1541106598194217691,1508556729313636254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Td1EW6.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Td1EW6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MW64vc.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MW64vc.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5564 -ip 5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mp841.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mp841.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,383951618754434326,4149278677031502050,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7336 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 151.101.1.21:443 www.paypal.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.244.42.65:443 twitter.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 3.94.39.90:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 90.39.94.3.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.208.118:443 i.ytimg.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 118.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.244.42.69:443 t.co tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 104.21.53.57:80 killredls.pw tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
NL 23.72.252.163:80 apps.identrust.com tcp
NL 23.72.252.163:80 apps.identrust.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 fbsbx.com udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 c.paypal.com udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.55.233.1:443 tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 23.72.252.171:443 apps.identrust.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.171:443 apps.identrust.com tcp
NL 23.72.252.171:443 apps.identrust.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
JP 23.207.106.113:443 login.steampowered.com tcp
JP 23.207.106.113:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-hgn7yn7z.googlevideo.com udp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
US 8.8.8.8:53 api.hcaptcha.com udp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
FR 74.125.11.233:443 rr4---sn-hgn7yn7z.googlevideo.com tcp
US 8.8.8.8:53 233.11.125.74.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe

MD5 cdffd489744085d274dadb4d6b409596
SHA1 e0fdec58945fe1e8f058541a8b5d9e38a5da42c4
SHA256 9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056
SHA512 61e648ec1e8efe66ca7abc10ee9f599a10a0bb83a34f9365040ce0b573418c76ae598043a818fe771b837d308659fdf2a15093a59db7e386f33fa4cad2d63f54

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\go4pt24.exe

MD5 cdffd489744085d274dadb4d6b409596
SHA1 e0fdec58945fe1e8f058541a8b5d9e38a5da42c4
SHA256 9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056
SHA512 61e648ec1e8efe66ca7abc10ee9f599a10a0bb83a34f9365040ce0b573418c76ae598043a818fe771b837d308659fdf2a15093a59db7e386f33fa4cad2d63f54

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe

MD5 e6678ffb5e2576ffbb5adb2b0a615715
SHA1 09a9ea7fe7172efc9965dd9f1baa1c8d5965d390
SHA256 f743d4a02501efbe81a994f9a0e33ce3fa1d7ceffa8f440fe908e6423b1373d8
SHA512 cf2718fba41b7d33cf73c7be2181e7e770a5f0d4cbe020a36e3b20eba9cc014cb872e9664559847e45d76a9e813eca911fc08037fa239e2c627f3d8e2145c369

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jh3wX50.exe

MD5 e6678ffb5e2576ffbb5adb2b0a615715
SHA1 09a9ea7fe7172efc9965dd9f1baa1c8d5965d390
SHA256 f743d4a02501efbe81a994f9a0e33ce3fa1d7ceffa8f440fe908e6423b1373d8
SHA512 cf2718fba41b7d33cf73c7be2181e7e770a5f0d4cbe020a36e3b20eba9cc014cb872e9664559847e45d76a9e813eca911fc08037fa239e2c627f3d8e2145c369

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe

MD5 c5b37fb1f475734224f7e7163939165a
SHA1 4a3adc3df899fa38a9711d7b62207a458239caac
SHA256 75c06a328709225ea8edf951040e92c41da51d92d16a67eeb11edab3b6ca8b64
SHA512 6f6345b0b94cf4b8f4a1a92c3bd83a3f97acfdadb7c0307d3d7759cb52ac250e50b9f65eb904e82c041abf6e1c9ff090b3a54b1240960c053ed8d5f05c1bd088

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Xu909VH.exe

MD5 c5b37fb1f475734224f7e7163939165a
SHA1 4a3adc3df899fa38a9711d7b62207a458239caac
SHA256 75c06a328709225ea8edf951040e92c41da51d92d16a67eeb11edab3b6ca8b64
SHA512 6f6345b0b94cf4b8f4a1a92c3bd83a3f97acfdadb7c0307d3d7759cb52ac250e50b9f65eb904e82c041abf6e1c9ff090b3a54b1240960c053ed8d5f05c1bd088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_1600_VRJVDTPPIEOFRWJJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_1592_EVUQMZMWKQRSXJQG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3784_GOZOPOUTYWOZENLW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_3000_TXPPZYTYMHXUKOCP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_2720_MVFHUBYBZDJFOOXA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1435ec76-fbcf-4ab8-ae9a-2b03d5941a46.tmp

MD5 6f69381bf3544c4fbed02e3cf1b0bc60
SHA1 6f0eaa477aad3c878f9a4aa2d2b3e5f1753c2dd2
SHA256 cf481a4b16f4882bb2cc1f120800149897f0edb6156997f3333adde56c4eafc4
SHA512 91647efce2abf3fcae7ae100558443c5797b5a6cff073f9be70e4348426b0e5c9450b06cb5c1edcb369811e5f5cfd4efa3eed441510a384377232a9766b9a858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 464f4a6fd0edbeb969dcbb90871d29ab
SHA1 a3f16b4e4b73960cc889bb680febeacafaa0852f
SHA256 d610a9919c79e3b94e03813499d500e0d8d45a604723d006aa90e4982202bf76
SHA512 d16a1c2242aad5b605b9b36d345bca066f0a08b8ff78f074590b4244141815b5d4e6b18aae8d2d2b0f880ebfa4caf416c044347c43c79aca5c776c451c6be9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0910c2c89554c7110c05e6cc76498c18
SHA1 ebdc950f029ee895d0ca413ac5a7b118e962eef1
SHA256 7897fd06d373f4b45ea80c72bacfb201481e0aecf52ae1e4ca6038c8c7639431
SHA512 1fe18602596ded0f6265414ad5aaf0d27fc051681c94f99e30ef9cbf95145924ef2354864694782cb4b3225b8fe1a9b68516c0cca711d7af8f120e4eea5b667d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f69381bf3544c4fbed02e3cf1b0bc60
SHA1 6f0eaa477aad3c878f9a4aa2d2b3e5f1753c2dd2
SHA256 cf481a4b16f4882bb2cc1f120800149897f0edb6156997f3333adde56c4eafc4
SHA512 91647efce2abf3fcae7ae100558443c5797b5a6cff073f9be70e4348426b0e5c9450b06cb5c1edcb369811e5f5cfd4efa3eed441510a384377232a9766b9a858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d34b59d8-d325-4207-a35c-ad8ed7cd7ee6.tmp

MD5 d0cfb2988bf287bcdc8c88a5982f9f5c
SHA1 893dc1700b0ccdfac432bf636d4de1fcc5a08abe
SHA256 32cd96308dc604fa231ce0d93e928488b597bf22791fd9731273c092ec4cb2ea
SHA512 ae70f39ada47fb96dbad781291befc3f4a4c743c33c735741ff4df262525f6829d3be4deb0b099b646642ab2dd3a0810b2890e5514ebedd0b979159b054523e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\13c7d1ad-4dc0-4706-b1cb-288a736a18b6.tmp

MD5 0910c2c89554c7110c05e6cc76498c18
SHA1 ebdc950f029ee895d0ca413ac5a7b118e962eef1
SHA256 7897fd06d373f4b45ea80c72bacfb201481e0aecf52ae1e4ca6038c8c7639431
SHA512 1fe18602596ded0f6265414ad5aaf0d27fc051681c94f99e30ef9cbf95145924ef2354864694782cb4b3225b8fe1a9b68516c0cca711d7af8f120e4eea5b667d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\079e93f2-59c3-4c07-a473-3bf9eba18477.tmp

MD5 464f4a6fd0edbeb969dcbb90871d29ab
SHA1 a3f16b4e4b73960cc889bb680febeacafaa0852f
SHA256 d610a9919c79e3b94e03813499d500e0d8d45a604723d006aa90e4982202bf76
SHA512 d16a1c2242aad5b605b9b36d345bca066f0a08b8ff78f074590b4244141815b5d4e6b18aae8d2d2b0f880ebfa4caf416c044347c43c79aca5c776c451c6be9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84ae13722aba0f6137ee0a271a081e1e
SHA1 fb255d1ad4cea8db74247e782d11dbd9007035c2
SHA256 9ed4a05cbcb39eb2d2f02054020ba5fdcfbc5bfa3125df2ea777e88bee9bde3b
SHA512 fd0e6929961ab93e694601b1fc8835cbdd489762e9c00297507b8cce37b59914d81ea0f40fdc071d2f2be87f23cf7fa0a01c1c227eea63b309384be824479cbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84ae13722aba0f6137ee0a271a081e1e
SHA1 fb255d1ad4cea8db74247e782d11dbd9007035c2
SHA256 9ed4a05cbcb39eb2d2f02054020ba5fdcfbc5bfa3125df2ea777e88bee9bde3b
SHA512 fd0e6929961ab93e694601b1fc8835cbdd489762e9c00297507b8cce37b59914d81ea0f40fdc071d2f2be87f23cf7fa0a01c1c227eea63b309384be824479cbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Td1EW6.exe

MD5 6faec323ec516bea59330a5d4b237804
SHA1 aa3768d8b8d9a339f178f3d7e43e614c15489a55
SHA256 7c414a250dd6392aeea893accf314d76ca92df3d1e26e718e48fecff802a9f69
SHA512 b4aff52ff9948d14b1aa6c372818af76e272f6d7797fc8081b3f5d081f614d8bdca1c3a3e190bf34bf3bd7544e11c51e8e6ce41c6610fc1fed8f9433a6593e4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f103a20a7b5a890cc51fd7eca01ea3c
SHA1 980d9bf28997ffb2f26fbfb1b6b337236e967a38
SHA256 479342798794090fd36f9652d0fe5d62b65562bba6b7356d169c5a054b129a6e
SHA512 62502a39e61d96d41d6639ffb29510a81f82756bd0c91d38c60a1f87ebf1d630bcd6623166108cda5fb0606e19865b5546eb8bb4c9de179f29eaca4c4a96c103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d0cfb2988bf287bcdc8c88a5982f9f5c
SHA1 893dc1700b0ccdfac432bf636d4de1fcc5a08abe
SHA256 32cd96308dc604fa231ce0d93e928488b597bf22791fd9731273c092ec4cb2ea
SHA512 ae70f39ada47fb96dbad781291befc3f4a4c743c33c735741ff4df262525f6829d3be4deb0b099b646642ab2dd3a0810b2890e5514ebedd0b979159b054523e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84ae13722aba0f6137ee0a271a081e1e
SHA1 fb255d1ad4cea8db74247e782d11dbd9007035c2
SHA256 9ed4a05cbcb39eb2d2f02054020ba5fdcfbc5bfa3125df2ea777e88bee9bde3b
SHA512 fd0e6929961ab93e694601b1fc8835cbdd489762e9c00297507b8cce37b59914d81ea0f40fdc071d2f2be87f23cf7fa0a01c1c227eea63b309384be824479cbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0910c2c89554c7110c05e6cc76498c18
SHA1 ebdc950f029ee895d0ca413ac5a7b118e962eef1
SHA256 7897fd06d373f4b45ea80c72bacfb201481e0aecf52ae1e4ca6038c8c7639431
SHA512 1fe18602596ded0f6265414ad5aaf0d27fc051681c94f99e30ef9cbf95145924ef2354864694782cb4b3225b8fe1a9b68516c0cca711d7af8f120e4eea5b667d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Td1EW6.exe

MD5 6faec323ec516bea59330a5d4b237804
SHA1 aa3768d8b8d9a339f178f3d7e43e614c15489a55
SHA256 7c414a250dd6392aeea893accf314d76ca92df3d1e26e718e48fecff802a9f69
SHA512 b4aff52ff9948d14b1aa6c372818af76e272f6d7797fc8081b3f5d081f614d8bdca1c3a3e190bf34bf3bd7544e11c51e8e6ce41c6610fc1fed8f9433a6593e4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 464f4a6fd0edbeb969dcbb90871d29ab
SHA1 a3f16b4e4b73960cc889bb680febeacafaa0852f
SHA256 d610a9919c79e3b94e03813499d500e0d8d45a604723d006aa90e4982202bf76
SHA512 d16a1c2242aad5b605b9b36d345bca066f0a08b8ff78f074590b4244141815b5d4e6b18aae8d2d2b0f880ebfa4caf416c044347c43c79aca5c776c451c6be9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f103a20a7b5a890cc51fd7eca01ea3c
SHA1 980d9bf28997ffb2f26fbfb1b6b337236e967a38
SHA256 479342798794090fd36f9652d0fe5d62b65562bba6b7356d169c5a054b129a6e
SHA512 62502a39e61d96d41d6639ffb29510a81f82756bd0c91d38c60a1f87ebf1d630bcd6623166108cda5fb0606e19865b5546eb8bb4c9de179f29eaca4c4a96c103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d0cfb2988bf287bcdc8c88a5982f9f5c
SHA1 893dc1700b0ccdfac432bf636d4de1fcc5a08abe
SHA256 32cd96308dc604fa231ce0d93e928488b597bf22791fd9731273c092ec4cb2ea
SHA512 ae70f39ada47fb96dbad781291befc3f4a4c743c33c735741ff4df262525f6829d3be4deb0b099b646642ab2dd3a0810b2890e5514ebedd0b979159b054523e0

memory/5564-222-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5564-223-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5564-224-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5564-226-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9227e88-f6cd-4567-998c-19e4a32fd1bf.tmp

MD5 607798dcf4bc548aed7b2f06d4ed6c98
SHA1 587e214594bee8bdb657620c36467fc56f7d8243
SHA256 dcaaf7ee78be929cc23b86fc05cfc1b3eab3e2689982796923a182d1ddf79fe9
SHA512 44842aec15a870eb717126de4255ba9f32b3798238b75fd734eb5e5ac3c8c01a11580dc0a0423893f7258e4c56cb41d1d35b3ac9875b0fe22a79291689340d77

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MW64vc.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f69381bf3544c4fbed02e3cf1b0bc60
SHA1 6f0eaa477aad3c878f9a4aa2d2b3e5f1753c2dd2
SHA256 cf481a4b16f4882bb2cc1f120800149897f0edb6156997f3333adde56c4eafc4
SHA512 91647efce2abf3fcae7ae100558443c5797b5a6cff073f9be70e4348426b0e5c9450b06cb5c1edcb369811e5f5cfd4efa3eed441510a384377232a9766b9a858

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MW64vc.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/7448-257-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7448-270-0x0000000074330000-0x0000000074AE0000-memory.dmp

memory/7448-271-0x0000000007870000-0x0000000007E14000-memory.dmp

memory/7448-281-0x0000000007360000-0x00000000073F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Mp841.exe

MD5 8f20c5c77602ad89731ff4c1641861f7
SHA1 c5513a6244ef0fa360a81bba5dea440b80b392f0
SHA256 fccf3d1399e55f444ee4133effe60a998c7d27548642779db92c6578fd54f25a
SHA512 9302cd11247c0d06db3883f50916bac68b72e6e8f7d3c674e7684777eafec53d9843a7710fb228e6ddac21a872a567128b3aa38ce0b4dbf31befb592d829fc60

memory/7448-284-0x0000000007340000-0x0000000007350000-memory.dmp

memory/7448-286-0x0000000007530000-0x000000000753A000-memory.dmp

memory/7448-288-0x0000000008440000-0x0000000008A58000-memory.dmp

memory/7448-289-0x00000000076E0000-0x00000000077EA000-memory.dmp

memory/7448-290-0x0000000007610000-0x0000000007622000-memory.dmp

memory/7448-291-0x0000000007670000-0x00000000076AC000-memory.dmp

memory/7448-292-0x00000000077F0000-0x000000000783C000-memory.dmp

memory/7816-293-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7816-295-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7816-294-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7816-297-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16b142b31f1ab4ecbb09f888b89e9ca4
SHA1 631f82f89921d5b9fc09934728fce0115c16047f
SHA256 1ec173c19501954b2027beb492330b414d17d18d731687bfb472c8f9c2b855a1
SHA512 1a97887cbe80e07221fef82462b3d84af63b38aa1bbdb9ca7af56cbe4af15c7430101ee6d056a5e23884ca154c3059aaec37f6e19a0a8bdeb6d3c87837752789

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5d29e8efe0b6db16d00712f226b7006
SHA1 3a24c10eabd579b588b4e9171b18ce8a77c8c0cf
SHA256 f55df756dbf186355f0ca0d5f58d05ecc5254a92cf8d934634ef9a4bf8f2e840
SHA512 2ba54b24b660cc8a982108aa0f4fdc40baefc02cc95f8c4f38c8145fbc1ad0faad2b6e6de440ef9e5f7f22d226091d0257e9011f6289eab4a19ed813e0047b46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0b8abe9b2d273da395ec7c5c0f376f32
SHA1 d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4709626122302da9279ef487aae16a1b
SHA1 1644ee3edb1369b62a21beda27a455fa0c837498
SHA256 9cd13871a4e007a7a9e7faf8065305c297632cfa85527cad74fb7d9fccd193a5
SHA512 22e6ef495b2f70317308afad186adaa50065eba1fcd17e66c85403ac2770cdaab7379a14df48b1d7b72e064fbc2391a5b81508ba66af6596b3401141f3f46775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58362e.TMP

MD5 45d82817d7596e27b9a99ea811033ab5
SHA1 c97e2387f9c9df258d14ef187acd68235a33a968
SHA256 9e4b6c104b8fb74b54660c9591929563c52e288ee2a646a79fa5d784529f3d8c
SHA512 48b489220c4c34cbb9a6ca77c0012248356532b2670147c6ee6a9a955a088aa05aa605ff79b52d02ef8c99b8aa5ea3e33fbebcdf4084e7731ad1d4b3fd1340d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\235e234c-ad2d-498a-ad5c-c3e43a609a7a.tmp

MD5 60aafb5c5b855568625323a4add66afe
SHA1 06988bd532fbb8a45f306958034e5a1bf6b8a515
SHA256 9ffb859fb6afaffeecd478f5932d4e56dca748872710b13d60d6887feba9bf3d
SHA512 6d77b9bf07e8b1eccf3cad2ed04953cdf28666d4ea6e5172279460519df3afd7cfb68a98c5a43557220946b17ef33dab9230bd454d645fb40a4e49d5a50757f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/7448-762-0x0000000074330000-0x0000000074AE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 192f5af29185d468d44c7f4a1fb5b692
SHA1 a6e8a594eebe5004145c5b7a4e029527e41b39a8
SHA256 2e34b6f2b9063e1978c8b204ea0f841b58633de8f136509f63d6f66c112620bd
SHA512 1684502b7d104599afd656f40b2114d9af5d488d6fd24b45a62d970bb06ea07dbdefe42a7e8553e9d114dec685d7274d6f46f18d32dd273275136140a3b422d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5844b5.TMP

MD5 004cb0522c90f4e978e888fdaf4b113b
SHA1 48f25fc191ba66b835abf3f75f9bfee4027150d6
SHA256 d17df760d5a52ef1e76c2727787e8ea72cc1fc9faaff0efae44398a0b730af7d
SHA512 0a7b7369b429089c0fb3ea80365bb86df9c263409f00c902f39f99baa0e5f3170e6420f84e4574ff8966af7ddb6f885106f41dbb5d2d9f8162861735783b5793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3732935c180c19552793a81f8bf6abfc
SHA1 614368bff85206b558fe3dabc83c49ff56aff7c3
SHA256 c6834016a91ccbc12bfa608c5f2b7d1dbceda367f6c1197c0cd800e51ed5b136
SHA512 6937f8da82589fb78b8784701a3d63437365d0b2d983fdb3d3bc0d8ee25edb0c9a9d0151aa09059cf9b98f9079427765ccccf9eb230da32b709bced61f42fb0c

memory/7448-899-0x0000000007340000-0x0000000007350000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 03a8293fb576e8e5d4a289b939ae8541
SHA1 cdda4aa3d0409cd43d3ad3b5e894d61ac647ba28
SHA256 4cc2f2298f68100c74d1115d36a5cc66983604558cc8d2f5e8c7efe2105b3b28
SHA512 842adea586768e1158ec1dcfe597150f051959cb0b20faa205f2088beeb0019eb274da40623e1230151e49b1e2338d5457a66eb1cd2f42008e4e2d0f60ad4cb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4659413f-7b7b-4bde-8537-580db430cf65\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bf23150e4a9438a5dbeaed62536d9e76
SHA1 480050cca295547441b9b7ac879d6737fc5c0d42
SHA256 345d1510d8ec30e8d47067a2c305b3a5405bd32e0645d956abdf3dbaddeecac6
SHA512 8c19551d3033b0a0a03e9fe5806b5db5364a1824af3b97159468995310bd506ec895d90544c93646922e4a72b123738a05dc4515fd37204694bf76ef6e87afd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a57c5dc5e0df4c2895f3e5f52078c44
SHA1 f52bfeaf2eca3d92217fec3a79f001dd9e244ac4
SHA256 29be5910e8d038dc1433b9f2ee47d09e42b44c9a1e886dc262be7b2263b36fe5
SHA512 6aed1bd61c450dbdc856f5d262f7b2641f3dc08f8765e2835f46fcfe11cab60f4112a43527e8e1e278e7ab8b5187f3b33537b91f0d656a10ed7aa950c36a9fd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f7e5950d8342588a4a01eae100ee7d86
SHA1 c35afd4a164cab306f716366b142069ce7341d59
SHA256 428a54e097aeb0f64496a6c888e1a27636c3b1bded299b3f3ae8262602c8048e
SHA512 2889aa0cb86c66ad4851c3603927b8ebb7d17676013ed2aac49df19fd36b5477c833366772df443163f80a55474bbed4c00f709d5b7101d3779edbfb064ee7ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 521b87c793237fd35893987388de0d88
SHA1 4ff7809bad05f6bc37c6fb2d3fd66db1df815ea4
SHA256 19f26a1aa60e5ed45db5a5ccd04e0ba6aa9f2d821b6fa50f2f6e35a8d41f7d8a
SHA512 44fa51f2755c16514ce9051560fcb4a43846d4b827989469f21e51188d870ef16d61f0cb26ce935e0cc5ef1959a4e75624a5a24d82a7b26619d3eea4882a10a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e16d14362a2f418d7f37b6668cd5177
SHA1 3ce2875c8cb7147f343d7b5e24dca501074bcf02
SHA256 77124aa6739f92d1aa52104767e504ca277bac7dc4c73a4544c02fa59f7474d9
SHA512 7dffcfa580eb9fc84c6e675827d9d870a31d67689cbf57bebaeae991e8847aabea977bcaf858b395e2020ffe8b556f600509881e0c5e365e4443e03c50b9fbc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5711c134-69dc-46e4-8158-69f3f66622ed\index-dir\the-real-index~RFe589517.TMP

MD5 d5ac7510ead84105f0bca65d5530526b
SHA1 bb31f6eb7b2f7d21ebf0dee9eb99e5b3a95203ff
SHA256 5dc584b3052faaaad7cfd1a7f9f8f16360ae275a6b5f21c7ea83ac5b65c3a7c5
SHA512 0f6505e5499f249e7b80848bf1ad10580dab92e6d4350f58cc9b9f0d593f8823fe896a95f4ddbf677bbebba19d2910b3c0bed6862a192386d3680464d3450739

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5711c134-69dc-46e4-8158-69f3f66622ed\index-dir\the-real-index

MD5 2d8df7c50ed8574cc7bda70931624b8d
SHA1 201521ed6d8dd723d6073f901d518fc3a00bc8bf
SHA256 9af5a17fa2c645b1e2499747ca349c981bd3644fea95c51efae1f70ecf15e601
SHA512 a240f4260999e46f00f77f9f27702e90c98b86ec640d634742a8e51afca27295479a3e599822fc214d0ded454d332e8feaf7279b09223a69be843e3045129f9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a6e852a92dfd4ed6bc96a24bdb3694d5
SHA1 1eb4b39a6d0d877531304e84c61ed41035adc89b
SHA256 5a4f285df1c537cfb7b405eb7de6e19906657c6a4f944563bc32a7cfa889744d
SHA512 2830eb6ab72df033ec5cd4a2a2f73b5ebb66720636bf881d38db4c962e66a83ece92a8bdcecd0ce960913575bfcac1eea77e7cf5275ff3a3c96c4862e48487c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0face1aff7cd26fe7de177397454c241
SHA1 4d05efaf463c9e8392c6ef0ecd6aa39544771007
SHA256 135793714ea9ccdb28e88e9cc4ccc7652cdae74e516aebca0b29265cbaaacf6f
SHA512 674851986ff7d369da013c65e480a1392e3e8125557a7814769b0cf6cb3e49ede5ba10863d078f78b860d1a16a5713f4a49383dc8e925038afb454f0a5f53ee5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 dbb3bfcbf9e106a4d1dc3e3e37836a97
SHA1 b08ab34f8229e8c4c9df25c8ca45ed655d6d3f03
SHA256 979629f103981b23627376b4014d3d2973a5acceededa896058ff9583ec57a08
SHA512 525b516f9fc24f916da93341efc6babfcc257d11c5e115ecd104a81e00e272f716e53ef8a807cc8b6d1c25aaeda6328bb8c2a834fc40269ab5d3235744ce445a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58abeb.TMP

MD5 515b2837fae521a4da8bf1c579368a40
SHA1 ea622a2599815a2ccac72973e8123f94c4bf0c30
SHA256 78fdadf75b1ebe920b5e32c8b660fec6ed3040e1c11f895951d964969609561c
SHA512 2e96f72f03d4082da56e33ae4761c44126fffbabb0b083641366c4fcc8b06c81aa199ee030010e5fffcd3e3356f293037a1ea2ab82c4bea6127c6a9ac1718177

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7de3c31a-aab0-4cba-ae6a-91e71d33cb75\index-dir\the-real-index~RFe58b9f4.TMP

MD5 8f5bdd3d3d8ae1108ef6273b7f27dad0
SHA1 ca506e25d2e6eb3aa8825a9bf5096ea12233c120
SHA256 6506e0967bc42d08801925fef4b0e25d56fe24279f5fc97896c6229927ff39f2
SHA512 7d98ec19e1718a74670d5a10730f73b5c4b3006521dc3d8dd93e8072b2b61f4ae2be7b937a12753ed01d40b2f4879b577fdb8decba79fcbd796dafb33478277f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ce2223c768df4b85e1e74fb268fff07a
SHA1 a08d781e0b4f254a29993fbc002a261942712e46
SHA256 8b66f66edc122f2b77c28afb2bd033427826e55e107e42bd30b005262a168637
SHA512 06e2f81737e6a003190007eee3980eea81d503088679ae0dd483b3f297a334781272c4326908e83a88c4e9814f1e4a324804edae2d940eb8ea7a4e26a9bec016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7de3c31a-aab0-4cba-ae6a-91e71d33cb75\index-dir\the-real-index

MD5 1d79ca821d64d22f83b2201b9cff3a15
SHA1 c5e90c30424dde636219dc6b7843814987ced2c5
SHA256 52910889a045842fdfa08204c4ee8b07fb106536f91d4755c8e71ccb48e536fc
SHA512 f591187fbac0a1e11f2d202ecb5b5d7100950238a14703e77f0beca4e2666a5147458c41a4f07575fd1c03c985d0abb82b67021425f6f84140d3a6ddc1f6444f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f24baa44eb8008a0a38e8279212ec83
SHA1 b8ba8d06d46228eef532695ddf97ee863e338f82
SHA256 d677288665732a83106e799a3c91b1050d4e9d404829cf898c938a79b67a1758
SHA512 5a82d0204a885383c943aa6b5ca45ef3643a34d0bba6ba6cd97a1cc75340966a9826beabb4fd08b0fee0372669578930c28abb5039eef14a0905d620a497d3a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad6e7005600fc0102e61f06a29cfc264
SHA1 e7aa711334745986cb5b1cfea68dbdc67ef3fed8
SHA256 c74169b9aa5ac5c6cbada742d88f543a41ffd16a20bc07efde435de5ab49f65e
SHA512 2f38af3c3113c2d1c9bfce172d3470316aa767feecc4b812716b0cdadb8118f57333eff72c5c44149161dafa697125e534b0baa99fbc4594c69b127c667cad10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d1c0b27c-fbf8-4030-a494-4d8c7d5aea5f.tmp

MD5 88a37ba3cd134e43fa5fc60198c7cef2
SHA1 e8acca492d251f736d45c739588642f0c07c4774
SHA256 e753b2f83d6a30e0aeafc10afffaa711b2b19886387c75786b053f5ca7e8591f
SHA512 a1eed60211fc3dbddc72c51963fa5c14a687af233fd7900477f654979c58d4bc8a1c552ed923781268298d8990c203a50b568c62256543ae78f98be28137e9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5456d94ad5a2e51fcb99a704f7d7eca3
SHA1 446332b00713e6998ed85d235dc7bcd0a493f54a
SHA256 1f6b45a9a424794d8d29b6bce493e1f59459def4ba17056e24f5a1431e57d9a0
SHA512 2febb4e892db3aae2e6d484466448766f79d25ebfd5ce23f3046d534eec1c6a05add79c3154b24ac35bd6991a29036f058d3b636c37dbdcf6503d5629530a7e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d92c67e7-1b98-4fdd-beba-d40c39b2313c\index-dir\the-real-index~RFe591f27.TMP

MD5 d428d4210198c04d77580e93a225d6e4
SHA1 25e65f61ea9b854576d602900a9013563a561598
SHA256 e8593084a72c5cf3503680ef7861691d3ff02602c64457d900b8a8b5490cb3bc
SHA512 7332c0d8300c92de85b855267c413a8a53fb0470f6b14bd258d468392358f1e45f526562fe8464e2f9546798f7888a4e60e44deca88598e06570c69da0885cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d92c67e7-1b98-4fdd-beba-d40c39b2313c\index-dir\the-real-index

MD5 76017bdfb2ab95c3171f82911d15abad
SHA1 4db6730bb1b00beb74d37d7a4dc4ba2260957a3d
SHA256 169aef754c6ec1f260d1247356cd51399d60a533efcb18d0b53b1152be38d5cf
SHA512 73ed8032110dc21c9944385bbf363a671d2cabdf3944a4579a31dc6f4bd51e29e2c938f8f1048a4ce54a1340547effbceda3fabbe1bd1c6783ed89ca7be74bd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 561ba097d4e5bf9cf5cebfa23e89e89a
SHA1 c799ac218782615a2d0ba87690951a4cfdcab2ab
SHA256 cf0ab375cdb2ea4eb45b932e2e28d9e13f10b5dbb8377d0f872056336daf1428
SHA512 ac20651322bd2997dd73aa046e1f3b51afff0d4338149dc6b1a4962b01e360740f4746418d7694baeb8fea7ffdb7cf173380820752e651419ad52003ac887566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93446231fa043e5957502b245d011d7b
SHA1 dfab094f87bd527664862e8e3d6201755494fed7
SHA256 bc5e2ad5bb47bbf8ca6dccd9fb1675d1ce5b9bd20b7331af8263343e3632df63
SHA512 197e4de34fd3acf6295c9b53aceb2740ff8424163475469109057706cadb0a6a95424824338b4f2ff7f83f36180085ef9d96ea2f53d54eb3b9c37fdf54db33b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c5743abf2d9d3b503244e00b5d66026b
SHA1 bc7d3f21bb18825c112800824cb7b254c7791a5a
SHA256 63a1a507d42f77e206b1ef6dc83c305989ae13d8b6bfdc6bf766090d12e18685
SHA512 815ffbeb0d5dba28e972493bfa6931892fd96744a310da3699e015397a37ccdec3e1a492361cd183e93fa64f4833694c56e772f055c7847acaa255ace29636ac