Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-zhjw5acb84
Target b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf
SHA256 b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf
Tags mystic redline taiga paypal infostealer persistence phishing spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf

Threat Level: Known bad

The file b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Mystic

RedLine payload

RedLine

Detect Mystic stealer payload

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:43

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:43

Reported

2023-11-11 20:45

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf.exe"

Signatures

Detect Mystic stealer payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gh8ok88.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\he7Fg68.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 224 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\he7Fg68.exe
PID 4900 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\he7Fg68.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gh8ok88.exe
PID 3276 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gh8ok88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe
PID 4404 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 796 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4344 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5096 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 772 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4404 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4544 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4344 wrote to memory of 4996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf.exe

"C:\Users\Admin\AppData\Local\Temp\b925c59ac13a0efd6e16d7ccf576d04943e93b9363978e2174c9d82e4f4abdaf.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\he7Fg68.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\he7Fg68.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gh8ok88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Gh8ok88.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3un952gp.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb6fc746f8,0x7ffb6fc74708,0x7ffb6fc74718


Network


Files

SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4344_MWXCAKEXONDVSZUP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_796_QDHOFFLOJEAAPCBW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5096_AXUTVJQLPGSPJFSN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_412_TFOOPHEGHTBZXRHA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49fda7b01a8c150edeaffe98ead0a5a3
SHA1 709b703809158b86f63d8e6121d5ce6fe9b89984
SHA256 32345827a9f820485aab77ac73ef8f30609d0b72e42e1988bf9a68d056b6abee
SHA512 7621dc4de223e17a93913e775c7002204c7fc29798965d0426384638c9316c62ca99533bea7d8319c29224cbbcd7e15a2c932abec78e9b0bec9fbf9b7dbee402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 017db2d43b22992222625cbd8d99c892
SHA1 77ec3b42efb68511dc99a95f5764db78c6f9a5eb
SHA256 84759072e372c35921f0a8e6810b7bc66313e77fc3cf58684b01ff6ff09d7e57
SHA512 f5e0c8a7210d28bf8b17c44a9f9359ab39a2e37cba9d18f03516feee4f7bc2c7271a130029dae560b9af2c772ddf2758a43b26755a8befd1af882d98128ad5b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 017db2d43b22992222625cbd8d99c892
SHA1 77ec3b42efb68511dc99a95f5764db78c6f9a5eb
SHA256 84759072e372c35921f0a8e6810b7bc66313e77fc3cf58684b01ff6ff09d7e57
SHA512 f5e0c8a7210d28bf8b17c44a9f9359ab39a2e37cba9d18f03516feee4f7bc2c7271a130029dae560b9af2c772ddf2758a43b26755a8befd1af882d98128ad5b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b22f550c79746b9440ce949c9ef4d9fb
SHA1 65a1a378acba0313d9ba5641a59df68f36913b8c
SHA256 a5d5088d981b86969adb5aee8b244463da1f406819a4d98bc92e874456abe565
SHA512 0bc04148070cee60744d802c6a2462febb7f9f980e6321b7d77382d49f5178314aba9bf47f99b17d1fb313fbd2efc771f255aeaaae28e52f0d76a1b209d70c37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3800d4a06ad560b767824f36feaf3b5
SHA1 a50a1fe78b24a5f25f072c2a5f1ae774e9b0bcbf
SHA256 1e0fbb410038f5a85c24a684c44ece4a2d7dabdbaa4cdcdb9308da85824e1040
SHA512 26d05e7997848c2f0395fb41765599d948a48c5f06579da86e0407ed676ffbe242dd7db99e5b9a76fae67dec77f432ae697b456da1ce46052fbf298fe16a6821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ca47c2f5611deecb8a3625cac91745e
SHA1 6e788691ba17d8cd9ab7c558734ed08590bffbc6
SHA256 2073d8b160faf8c2168f9d8dd8879cb84ed7896f28cd318984dd131414f8a2f4
SHA512 4e4416080852254e0d6ab36b1e4e0d9e37984b29e53b676d36fb7b5a9f073afa46f75de946f6a0c6d74dd61ebd1e8d2b8831b0665e9869e523aa09c8e2406511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ca47c2f5611deecb8a3625cac91745e
SHA1 6e788691ba17d8cd9ab7c558734ed08590bffbc6
SHA256 2073d8b160faf8c2168f9d8dd8879cb84ed7896f28cd318984dd131414f8a2f4
SHA512 4e4416080852254e0d6ab36b1e4e0d9e37984b29e53b676d36fb7b5a9f073afa46f75de946f6a0c6d74dd61ebd1e8d2b8831b0665e9869e523aa09c8e2406511

\??\pipe\LOCAL\crashpad_772_XZYTTBHRBKTDZURA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_464_PYHQOYRMICIYLTAA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b22f550c79746b9440ce949c9ef4d9fb
SHA1 65a1a378acba0313d9ba5641a59df68f36913b8c
SHA256 a5d5088d981b86969adb5aee8b244463da1f406819a4d98bc92e874456abe565
SHA512 0bc04148070cee60744d802c6a2462febb7f9f980e6321b7d77382d49f5178314aba9bf47f99b17d1fb313fbd2efc771f255aeaaae28e52f0d76a1b209d70c37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49fda7b01a8c150edeaffe98ead0a5a3
SHA1 709b703809158b86f63d8e6121d5ce6fe9b89984
SHA256 32345827a9f820485aab77ac73ef8f30609d0b72e42e1988bf9a68d056b6abee
SHA512 7621dc4de223e17a93913e775c7002204c7fc29798965d0426384638c9316c62ca99533bea7d8319c29224cbbcd7e15a2c932abec78e9b0bec9fbf9b7dbee402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3800d4a06ad560b767824f36feaf3b5
SHA1 a50a1fe78b24a5f25f072c2a5f1ae774e9b0bcbf
SHA256 1e0fbb410038f5a85c24a684c44ece4a2d7dabdbaa4cdcdb9308da85824e1040
SHA512 26d05e7997848c2f0395fb41765599d948a48c5f06579da86e0407ed676ffbe242dd7db99e5b9a76fae67dec77f432ae697b456da1ce46052fbf298fe16a6821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sn7Ra6.exe

MD5 9d3b32af8de5b0ba9eb86be366638e03
SHA1 bd20a00897dca5259c56262043dbd9d15982a781
SHA256 e5601e7e285fd01ce7e34eeca374d88131decac35acef151baaa49a8153f03b4
SHA512 8f68acc14be1ec98165bf2f50dcd02544fa6f180cd7e05ec413825741da29d6cd09b9893c5184db5a7d370db29867f3350a5b913ad471cea3a5d8558f476e914

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b35cb7fff958dc3d0b9d523b8006144
SHA1 c717b9e922099e0a6f49fe70fe2751b783a881bb
SHA256 06761b6d91c1e5b7ffd8be2afa6917c93fb25dce0315d7b674c2e5bd819f2d9b
SHA512 7b07ff847b0e795671e880b667828049c7c00052eba1c6741c38c3da392e4fa677c51d562f7935505c9626b9c0998e10d64ffa6f4e0d504dde1504918b4df537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49fda7b01a8c150edeaffe98ead0a5a3
SHA1 709b703809158b86f63d8e6121d5ce6fe9b89984
SHA256 32345827a9f820485aab77ac73ef8f30609d0b72e42e1988bf9a68d056b6abee
SHA512 7621dc4de223e17a93913e775c7002204c7fc29798965d0426384638c9316c62ca99533bea7d8319c29224cbbcd7e15a2c932abec78e9b0bec9fbf9b7dbee402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b35cb7fff958dc3d0b9d523b8006144
SHA1 c717b9e922099e0a6f49fe70fe2751b783a881bb
SHA256 06761b6d91c1e5b7ffd8be2afa6917c93fb25dce0315d7b674c2e5bd819f2d9b
SHA512 7b07ff847b0e795671e880b667828049c7c00052eba1c6741c38c3da392e4fa677c51d562f7935505c9626b9c0998e10d64ffa6f4e0d504dde1504918b4df537

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sn7Ra6.exe

MD5 9d3b32af8de5b0ba9eb86be366638e03
SHA1 bd20a00897dca5259c56262043dbd9d15982a781
SHA256 e5601e7e285fd01ce7e34eeca374d88131decac35acef151baaa49a8153f03b4
SHA512 8f68acc14be1ec98165bf2f50dcd02544fa6f180cd7e05ec413825741da29d6cd09b9893c5184db5a7d370db29867f3350a5b913ad471cea3a5d8558f476e914

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ca47c2f5611deecb8a3625cac91745e
SHA1 6e788691ba17d8cd9ab7c558734ed08590bffbc6
SHA256 2073d8b160faf8c2168f9d8dd8879cb84ed7896f28cd318984dd131414f8a2f4
SHA512 4e4416080852254e0d6ab36b1e4e0d9e37984b29e53b676d36fb7b5a9f073afa46f75de946f6a0c6d74dd61ebd1e8d2b8831b0665e9869e523aa09c8e2406511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b22f550c79746b9440ce949c9ef4d9fb
SHA1 65a1a378acba0313d9ba5641a59df68f36913b8c
SHA256 a5d5088d981b86969adb5aee8b244463da1f406819a4d98bc92e874456abe565
SHA512 0bc04148070cee60744d802c6a2462febb7f9f980e6321b7d77382d49f5178314aba9bf47f99b17d1fb313fbd2efc771f255aeaaae28e52f0d76a1b209d70c37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 017db2d43b22992222625cbd8d99c892
SHA1 77ec3b42efb68511dc99a95f5764db78c6f9a5eb
SHA256 84759072e372c35921f0a8e6810b7bc66313e77fc3cf58684b01ff6ff09d7e57
SHA512 f5e0c8a7210d28bf8b17c44a9f9359ab39a2e37cba9d18f03516feee4f7bc2c7271a130029dae560b9af2c772ddf2758a43b26755a8befd1af882d98128ad5b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b35cb7fff958dc3d0b9d523b8006144
SHA1 c717b9e922099e0a6f49fe70fe2751b783a881bb
SHA256 06761b6d91c1e5b7ffd8be2afa6917c93fb25dce0315d7b674c2e5bd819f2d9b
SHA512 7b07ff847b0e795671e880b667828049c7c00052eba1c6741c38c3da392e4fa677c51d562f7935505c9626b9c0998e10d64ffa6f4e0d504dde1504918b4df537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fed522a758dc97b04c03d2503f153b5
SHA1 4be075140cdecfae26803b8f676ea821a5f4fc70
SHA256 572d0f1a885dde46b05742b3727b89d4271af7f8d9298d082cb738fbdc05e616
SHA512 5ba14a3d0b62c37be9ddf05781916cb773b103ffc570df88a3e65e587f4160435b62a054cfdc3b9e1b3c5d250510daae4ed59c5468f1e092cbfdf2ab1f17d272

memory/7316-240-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7316-243-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7316-244-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7316-246-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5wJ69iL.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/7552-262-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7552-265-0x0000000073EB0000-0x0000000074660000-memory.dmp

memory/7552-266-0x0000000007ED0000-0x0000000008474000-memory.dmp

memory/7552-267-0x00000000079C0000-0x0000000007A52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0168a1b391929bf5e4570f47f5597a40
SHA1 0bcf041824a569e4f29899c6b0b0660731c2d3a5
SHA256 2420ef41489328f7eb61c6f078cf5e591845509ea9d8f789acb5a9ce317a38b2
SHA512 b6b782c98a872d12e5cd7d94b533551a34d8da43c04b231a7c9892f887424d1e3a604cb3b90f3c7fa3a92fb902b3e19cb5e7b730a42aa6f90da6f861ccb1ed80

memory/7552-279-0x0000000007B80000-0x0000000007B90000-memory.dmp

memory/7552-281-0x00000000079B0000-0x00000000079BA000-memory.dmp

memory/7552-285-0x0000000008AA0000-0x00000000090B8000-memory.dmp

memory/7808-284-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7552-286-0x0000000007D90000-0x0000000007E9A000-memory.dmp

memory/7552-287-0x0000000007B30000-0x0000000007B42000-memory.dmp

memory/7552-288-0x0000000007CC0000-0x0000000007CFC000-memory.dmp

memory/7552-289-0x0000000007D00000-0x0000000007D4C000-memory.dmp

memory/7808-290-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7808-291-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7808-293-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a7102325-3766-4b82-9607-1bc293e5088b.tmp

MD5 05acb58c553c4fab85ca7eb92f613dc9
SHA1 cb5291256a9f138d6afbf204db6deb4da3d9b683
SHA256 e4d60eac1e6d3f4e5e37957af6a07ffeb7a6e27ab8dd2e7973ee02521be2c2df
SHA512 16328241fbb0c1379ee62d67c041f9835dc55103f0a9e1cc20a63f92e679bf49bd56246cff555ec1c37e42788e5238a6179deca4242ab028f412bfc1e63a60dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2bf61f13-1dcb-48dd-9cf8-d377d3dddf8c.tmp

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\36f561be-692f-44c9-ac81-d0ba332d2dc6.tmp

MD5 48284269f0a9cf348af9ba5e5ab55c68
SHA1 2c1c3f6f19cb021dc6dc970a104d96b096eedba6
SHA256 501b101ac8b44afe74282f4cfcce2a9ebb5a42620bb87fcaa6d184828b51fa65
SHA512 2409c0c8f29a5bc394830e6e52a60dede2c5dd4129fb9b1ed2f69015c5dcb3424d470a284e861a68e2664cd1bac53300c722cd0bc8151aeb090a5479ae2a153f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 d439aa40127eb4c49c97bd689cf1d222
SHA1 420b5ea10d3dc13070c9a1022160aaac4f28a352
SHA256 f38b31ffce521cb614481e3bd6ca9b130e862663ac7134ee30dfe121ec2b6091
SHA512 172c61e97d8bf3dd5b8cdb59b102c0e6e660864da859e5db451fa9820b39c4f118ee5f54fb18e60c0022eaf7570522cb18303e2a759e9143af4b14bb50a94958

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fb4cad5f6b664a20451d9e68a666c95
SHA1 82d4a9da6b510f6421bfba42125bd98d6fe47872
SHA256 7bf85e9f6a393a5a66376eb606e2bdbb1f0fe75735759ae160ee295bea4cd6f1
SHA512 62b13ad36614b7522f039ebb15cffb33d3d0c5f8b88f3e6b65931870fbc5a2e79d71102b06f6f29ea7818a9f5294a4efcfd1c0feacb3406bec9c495c1f2da0b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff9d.TMP

MD5 c6f8619b95fd1328784dc2488c92b523
SHA1 20a7b9092872fb0d265dda2e1ab21293dcb0e01a
SHA256 a4286ef0cd76b3889e99646c99cba48f8c176cb3ca169758bf0c7c03cbaf3225
SHA512 0a9d7c3b518d9c309866e442465566c39d0c069a66d4f79e328c8240792d858b7c5d66d0377a49e4bd9321c1e67bdb1acb767f00292e6027a8f1afc25068f2e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7593b4b7d829f702539342d2e2da8cc7
SHA1 94ee89f39497eda0a2b661928967d634e9740554
SHA256 a06263b5cce8735b08a6a5eea17d048c25ecfb6e7058a7bae279d9a9276193ce
SHA512 df5ca402c2f94125f86c77d50a9dc875cae912d587c14388014f086ab474ca2b8349f3864d4a2e2702db9dc482513adfee6bf3e85529c217db763e4e664af727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/7552-665-0x0000000073EB0000-0x0000000074660000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c169e815078c9b4b16f8464cce926af4
SHA1 642fcae8dc1eacfb3387c57d4272054039e4adbe
SHA256 7b697f37e67046b595e48096fb259483016a2f2762f446ef2ccc57c9a6c18499
SHA512 16283786761ae31ae5d39cc5bd62017936a234273af36644a76812d5894d1a96909c08eef965014baf8e6ecf88b18c433efcdf1503637b519bca3f9432f27b26

memory/7552-725-0x0000000007B80000-0x0000000007B90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2392b332e1621da1e2a2b9a4843e1c59
SHA1 a4861a49d11782eb455495994a9f6b383a3c9e98
SHA256 8a75d67b413b1ed2a56fbc2e20ac5fab819895d6689296dc1eaaa1a1a2d9ad69
SHA512 c52c972932a2cd5880120fad6f7342c7dfec0387df877957a4bfc4f4195271a92ff4d567accefb5ab9168054cb3935cf371269052e9980f8f4e5b8b149b99d67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe582eac.TMP

MD5 48ed8552ea10a058428efbe77765d276
SHA1 9c19da2c0f4e219fbcfee35219518b5ed23b85b9
SHA256 b30933c15e71e7a348239b3ba5630d56937c9a0fb8b9ca00587d819e399e97ea
SHA512 e56baebe71187256544e534fdaba7a7d37aaa32b6d4f5f8148389ccb33047b3cf6336fc105b98df07843efb7687088dcc89aea9504fa4e85f4bf649d3ce8a73b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 bd7777b9e8ceb6cf73609165267ee461
SHA1 3b2efb18b3a3b342b6192c70a9f4093ef5cdde39
SHA256 c769d82bcfb8714adbf530181b87ba99d4d2eb28687d149c5cdc229d15acabd5
SHA512 9e8c802d70aac40f0d35ff51d3f0aadf7854e97a4e40593e5844628680287ad90723067dc8f715149c1d3f58d030f7169bfb9821c55d840f146cea31e6204c3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a69568dd4a817d91c1fb01a381ff6939
SHA1 1cf4ec856dc8be916cbbe19f558d5ea4e772c761
SHA256 3b36938c843e10209891ef88b5677980f1391cc64d1a84ae1f275764666541b8
SHA512 7bcd1b894e88c69329e46fdd807c1ee72d15e1c5ce2c206a3e99f58af7acad29784a6d0667eefefa7985c4a979a379100e8528df49ae805c4be3624b8344ad50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7f37eb932decd9f0acb6422026226307
SHA1 7df8365d349ea4763b3ab42b3eadd8920126e34e
SHA256 4793513aa82417f8e88d0daac8b70b56e3e83be10dec3a2a97bf4741a46b99f0
SHA512 6aedf574dd44358ad8376e0e8afe277139349d35d78284e2cb0ba238778708ca085094e0894aacfe758e12aab7a0edc87535c5ecc181b89ea4548929a3528786

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\58ff2bfb-ec51-4574-94ff-b022e66a6b70\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1f797ad493ae9537894f861e1d86a4d7
SHA1 317e846e85ccb112c9d00f653550f4d06b3790e5
SHA256 5d4550aa959bd1c974a31072ef64749231f6f09ca6b11755798201443a0058a8
SHA512 b4f8b3952081015aa6ff45208d2872e84f8a985edd1e5f54c71d5ffe746403835bf2f0da42721626ad0cf6bf50c0ac309be021e907f85b10dc8bc7c6a5df6999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7fbfe0ece0abd374c4164adbcca280a
SHA1 ef20b78c2541bc3b477c9155943d68e9c2fdc137
SHA256 4f5a56d731feba2cd020abee3f0003ae126f06950287d3f4e06227b1759df307
SHA512 aa08a31e372841efe2a1a83ecec7cf4c4f0269328e7acede972d3a8da8592ea0d57c06b815ede956cce69653e7d7d2dae7d0a819beceacab6aa394d0035d9b13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4e55af2be2e0262898e538645035b526
SHA1 4ce424bbc17041625ea4d582084e4f5e4d86a31c
SHA256 1a059a0eed3fc3dc5c72d7c267e5482f6c41ae340ef4317f569cd1aade15fe59
SHA512 ef43ec7a44fe95c54b19bbfe1d3fa520fe9a6bf5eafd79dcb1362fd3677351b5fe67f123ab66d1b6b49405073c7becd4a6a3dd2be9788d26d4b2a33ab3386fe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35b073b3f2abe6ece234b3123f42c8a2
SHA1 0a50a45c523283fa8adc9a946dfe9c18a9cf4206
SHA256 64b8692c93ea3bdd87273843db68c7eb2f0b990a1345e6830a59c8f16362fc26
SHA512 691fe0900d67eba8b85d42bf8c907e5fe8ca9f37df6454287f702a28d89ba1236c8adba347ff959ba712baa7caf883a0fe193b2f7c644a0b790bd09ef31cbc86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a541264378d84ffbdfcbd1d9325a2343
SHA1 d7503dfff24f02cdae40a3c25df14ebc751c87ec
SHA256 0b7c62f42272218f9375504fc6489cf39f9e880d1eab60c7c2a07e4a8186f143
SHA512 f14f54eb3cbc844a22b46a02dc32cdddee516360c04240320c1657adc0efed4928efeabdec3eec1ca913473b54f65105f61591e195dad8bf450de579639b2dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8c2d223d-6dee-4ed4-a15d-b5eff66a8ae6\index-dir\the-real-index

MD5 73f9b4adbf781b4c8d44de47a2cc7678
SHA1 e89faa7b425b25272d19ccd8c2554f0637266005
SHA256 6b06eb6e8b96626198019b2a284a360f3a911b0407284ea771bff0b3424fde86
SHA512 ed7db7059e6789fffd23f5317a940a410aebd5727d1b5731563d9ba51c215501276aa2cd5e61660492207128154034b5d72307058f22f49538c8ec61c559e408

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8c2d223d-6dee-4ed4-a15d-b5eff66a8ae6\index-dir\the-real-index~RFe587f6c.TMP

MD5 6e929be592a269902dac6d88c426c439
SHA1 84ba391ac2e765ef04a17f21d6d07866e715a092
SHA256 b5aa8cb1298728570b5f60b4f9b70b6c40b97f3644d93a70dbe14cd8bdbc0924
SHA512 cfae3dd95f79498563e042e950c5bca9ac75af980654ace321c459a60f5878b78d6fb7c2e40124194dfc52d887ce96c202e2a6ab3babbaae7ba77be25939874e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 784e56ae3a72f828fb005c669cbab79c
SHA1 6c457671a4c912610860cb855869408a1b1da1d0
SHA256 bc6462cd26b6d62fb045b2183cfab5034a0f471570dc1933f5a88f0c6599ded2
SHA512 2bfcfe26089711965058082c33c0206c328f37c37e73428e9e7c753d9593a24be4e69d6e41f8c80dc46cc6b9e87b2d5d9252673635e1a05bec040fdd0a4eaed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589c6a.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3615e3e0-6eb5-4a23-bec9-a9892623c59d\index-dir\the-real-index~RFe58a851.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3615e3e0-6eb5-4a23-bec9-a9892623c59d\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\40ec0fc4-e105-480a-bbf8-6d9f7544ddb8\index-dir\the-real-index~RFe58d85a.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\40ec0fc4-e105-480a-bbf8-6d9f7544ddb8\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
