Malware Analysis Report

2024-11-13 19:09

Sample ID 231111-zqb69acc52
Target b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695
SHA256 b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695

Threat Level: Known bad

The file b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

RedLine payload

RedLine

Mystic

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:54

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:54

Reported

2023-11-11 20:57

Platform

win10v2004-20231020-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695.exe"

Signatures

Detect Mystic stealer payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 756 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe
PID 1048 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe
PID 4228 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe
PID 4080 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3968 wrote to memory of 2152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4612 wrote to memory of 2080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4448 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695.exe

"C:\Users\Admin\AppData\Local\Temp\b11f693fd82d813661ae7ea1c14e556ea78b44f0929d86acda6bbbb5605df695.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffdc13846f8,0x7ffdc1384708,0x7ffdc1384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4754348861214007663,5996399442160379388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11pN7372.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11pN7372.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XA407.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XA407.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6360 -ip 6360

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13oc563.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13oc563.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tI1sl87.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iQ2Mf68.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\10VS43nP.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_2696_MQXMJLKULFUVLBUW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3968_JKZBKJNPTCYNSMFC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2652_YKHKFYCRRJWKUIUC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4752_OANFKTBTWYGWGNKR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afb9922978f11a52e6630f3b510d20af
SHA1 439356d3f556cb84d5b2327ef7865944d71e7cae
SHA256 5988695fb74d57d0d7198e91634210b16a58fe83ac053f9f2194952a649d96ae
SHA512 56f5c31bd59afabb171f2bbc0f4c726c2ae8a36075ab318593f204325af73b37c511f193cb11aae4b0a67e6adc2d8e52c3f9e5abba3b10a779d3a7b601e78bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afb9922978f11a52e6630f3b510d20af
SHA1 439356d3f556cb84d5b2327ef7865944d71e7cae
SHA256 5988695fb74d57d0d7198e91634210b16a58fe83ac053f9f2194952a649d96ae
SHA512 56f5c31bd59afabb171f2bbc0f4c726c2ae8a36075ab318593f204325af73b37c511f193cb11aae4b0a67e6adc2d8e52c3f9e5abba3b10a779d3a7b601e78bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64242c2f90e9a3e5446e0672f0a0d7fc
SHA1 d0685d6624ed990aca7a4897cf3bdb21cc5fdc58
SHA256 326d0cf7768f1141e99fe8d430e55b13f15ac9e65fa52a4175956d046adeaf15
SHA512 4307d99769826746c46770db277b30add1417c7c1f3712aa953a2f4e04a39946315b8872e945f35be5e863b4c64664508d20f4619425daf56df099b681c86adf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7f446b10f8d2267a40c9ad38385a95b
SHA1 7d13c799e1bf9489c623585221dc1e7696eb12e5
SHA256 17a7689182cccec27026debbcbf6c3086905985642ec332b597a1a1d92f1ed18
SHA512 51cbc02dfb20efcd18485d0a231fdf5c05507d255f3dced22a14cd328b878abfe50210b94244a423e6efecf66b18627e49fb2ef591dd29c03a348a26c40e1c71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64242c2f90e9a3e5446e0672f0a0d7fc
SHA1 d0685d6624ed990aca7a4897cf3bdb21cc5fdc58
SHA256 326d0cf7768f1141e99fe8d430e55b13f15ac9e65fa52a4175956d046adeaf15
SHA512 4307d99769826746c46770db277b30add1417c7c1f3712aa953a2f4e04a39946315b8872e945f35be5e863b4c64664508d20f4619425daf56df099b681c86adf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c2efa3156e20375a06ffcdf2e52b5ca
SHA1 8da44d12e932287db264fd521dd14f8146b56c65
SHA256 b55034e875f887476bade4aae34792219d621bfddc01a17e0008a19d2c1d0f9d
SHA512 6c05c502f2c162c5f4ce238fba00470a10a544eb6a59b29ae5ab54f850cce55cc761e7a1ec1b30500ac8ce157230f4222a6495f39df01ada040479c8c9cd843e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e271a2761b832aadee1440a0dc1f6b8
SHA1 b88daf94b2b45db5895c6bb3311da15d0e14179d
SHA256 ada9ddefc0123bee8a21b474450ee7a1f95d8b5a284f1466a7f35218cd3407cc
SHA512 509dad08165f37fc2406cc39788280fdf9c0d1530e046606162980fa94a60a33e4882000933cbd5548e3e19b09dfdf61ff5660e1efc693a6900974681e219a59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e271a2761b832aadee1440a0dc1f6b8
SHA1 b88daf94b2b45db5895c6bb3311da15d0e14179d
SHA256 ada9ddefc0123bee8a21b474450ee7a1f95d8b5a284f1466a7f35218cd3407cc
SHA512 509dad08165f37fc2406cc39788280fdf9c0d1530e046606162980fa94a60a33e4882000933cbd5548e3e19b09dfdf61ff5660e1efc693a6900974681e219a59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c2efa3156e20375a06ffcdf2e52b5ca
SHA1 8da44d12e932287db264fd521dd14f8146b56c65
SHA256 b55034e875f887476bade4aae34792219d621bfddc01a17e0008a19d2c1d0f9d
SHA512 6c05c502f2c162c5f4ce238fba00470a10a544eb6a59b29ae5ab54f850cce55cc761e7a1ec1b30500ac8ce157230f4222a6495f39df01ada040479c8c9cd843e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11pN7372.exe

MD5 f01c232ea03cd5aa7b9de4a1fd38660f
SHA1 a6069b3a83f8dcf1fe5a2a79eb8bdb5ecf36af0e
SHA256 ac85ca8d2ebc786b040e841b8dfa97546a0e255246797b4cc9fdeccf14ac6dba
SHA512 1b39bc97fa866ded9fb56edc01d85db1f43460961f4c1f494d024304058c7696f71c42075d2bda76f97d896b7f236247549679c2685382962effeec8ad603ec4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\11pN7372.exe

MD5 f01c232ea03cd5aa7b9de4a1fd38660f
SHA1 a6069b3a83f8dcf1fe5a2a79eb8bdb5ecf36af0e
SHA256 ac85ca8d2ebc786b040e841b8dfa97546a0e255246797b4cc9fdeccf14ac6dba
SHA512 1b39bc97fa866ded9fb56edc01d85db1f43460961f4c1f494d024304058c7696f71c42075d2bda76f97d896b7f236247549679c2685382962effeec8ad603ec4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1654f668bbbac3d36ea2c920dea9f3d6
SHA1 d3398fb02849b50efc1d9c7ffe2679f33c872d13
SHA256 3845918b3ae4426da0a2093b1128e172ef2c1c715db73007cda9821bd8282fb8
SHA512 39ff0510b336d483880cb2c03b4db55d82b9904cad4ce5617773458a84017f0328425696b1d36b4a6109dae07134a984ba96c35719bca98c643f0ff64ffcbf0b

memory/6360-165-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6360-166-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6360-167-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XA407.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/6360-169-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\12XA407.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/7264-189-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13oc563.exe

MD5 d5a7b1cc1bda31a478f6d32810fa3f30
SHA1 f22d905a851766bcc999d1f98f9dc7521b0525d3
SHA256 7ae4dfa01d615b6b45da8d502f251a38ef9381b5de9435c484f48ee390f5f738
SHA512 011d0a6aa65bbd43b665cf74b6a9b3a43c0e4f802383159c22e5fe30eeb2de516f8b89a3b252c1a79807342dec17a66f2a0a59cf59eb27c95c8b4da53fb5efdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7f446b10f8d2267a40c9ad38385a95b
SHA1 7d13c799e1bf9489c623585221dc1e7696eb12e5
SHA256 17a7689182cccec27026debbcbf6c3086905985642ec332b597a1a1d92f1ed18
SHA512 51cbc02dfb20efcd18485d0a231fdf5c05507d255f3dced22a14cd328b878abfe50210b94244a423e6efecf66b18627e49fb2ef591dd29c03a348a26c40e1c71

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\13oc563.exe

MD5 d5a7b1cc1bda31a478f6d32810fa3f30
SHA1 f22d905a851766bcc999d1f98f9dc7521b0525d3
SHA256 7ae4dfa01d615b6b45da8d502f251a38ef9381b5de9435c484f48ee390f5f738
SHA512 011d0a6aa65bbd43b665cf74b6a9b3a43c0e4f802383159c22e5fe30eeb2de516f8b89a3b252c1a79807342dec17a66f2a0a59cf59eb27c95c8b4da53fb5efdd

memory/7264-206-0x0000000074670000-0x0000000074E20000-memory.dmp

memory/7492-211-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7492-213-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7492-214-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7264-212-0x0000000007F30000-0x00000000084D4000-memory.dmp

memory/7264-217-0x0000000007980000-0x0000000007A12000-memory.dmp

memory/7492-216-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7264-219-0x0000000007B30000-0x0000000007B3A000-memory.dmp

memory/7264-218-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

memory/7264-228-0x0000000008B00000-0x0000000009118000-memory.dmp

memory/7264-229-0x0000000007CE0000-0x0000000007DEA000-memory.dmp

memory/7264-236-0x0000000007C10000-0x0000000007C22000-memory.dmp

memory/7264-237-0x0000000007C70000-0x0000000007CAC000-memory.dmp

memory/7264-242-0x0000000007DF0000-0x0000000007E3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afb9922978f11a52e6630f3b510d20af
SHA1 439356d3f556cb84d5b2327ef7865944d71e7cae
SHA256 5988695fb74d57d0d7198e91634210b16a58fe83ac053f9f2194952a649d96ae
SHA512 56f5c31bd59afabb171f2bbc0f4c726c2ae8a36075ab318593f204325af73b37c511f193cb11aae4b0a67e6adc2d8e52c3f9e5abba3b10a779d3a7b601e78bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7f446b10f8d2267a40c9ad38385a95b
SHA1 7d13c799e1bf9489c623585221dc1e7696eb12e5
SHA256 17a7689182cccec27026debbcbf6c3086905985642ec332b597a1a1d92f1ed18
SHA512 51cbc02dfb20efcd18485d0a231fdf5c05507d255f3dced22a14cd328b878abfe50210b94244a423e6efecf66b18627e49fb2ef591dd29c03a348a26c40e1c71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c2efa3156e20375a06ffcdf2e52b5ca
SHA1 8da44d12e932287db264fd521dd14f8146b56c65
SHA256 b55034e875f887476bade4aae34792219d621bfddc01a17e0008a19d2c1d0f9d
SHA512 6c05c502f2c162c5f4ce238fba00470a10a544eb6a59b29ae5ab54f850cce55cc761e7a1ec1b30500ac8ce157230f4222a6495f39df01ada040479c8c9cd843e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64242c2f90e9a3e5446e0672f0a0d7fc
SHA1 d0685d6624ed990aca7a4897cf3bdb21cc5fdc58
SHA256 326d0cf7768f1141e99fe8d430e55b13f15ac9e65fa52a4175956d046adeaf15
SHA512 4307d99769826746c46770db277b30add1417c7c1f3712aa953a2f4e04a39946315b8872e945f35be5e863b4c64664508d20f4619425daf56df099b681c86adf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7065eacae64d34b3e40a203a51b9ff6d
SHA1 fa127bfe12b153ff9f7bf92620a293c98f126117
SHA256 f1201111d3a6330f2bec3014e296d3e85a7d1d078db67ef9fe6750218a9b188c
SHA512 9e408da35fcfde227523cc83cba9caff9c61cff8a54e82eabfb8cbfb28f5f75c763519bee145382c838a4413940ac978648beeb45d4d86b349e6ee49823d289c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e271a2761b832aadee1440a0dc1f6b8
SHA1 b88daf94b2b45db5895c6bb3311da15d0e14179d
SHA256 ada9ddefc0123bee8a21b474450ee7a1f95d8b5a284f1466a7f35218cd3407cc
SHA512 509dad08165f37fc2406cc39788280fdf9c0d1530e046606162980fa94a60a33e4882000933cbd5548e3e19b09dfdf61ff5660e1efc693a6900974681e219a59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fc96db45d3bd3475a15c2718a488283
SHA1 94718c316dc0afe1cb4d5d0ff4dcbb16d298f9ed
SHA256 574b4342cbc802dd009319d4f75e32d35d202a03ef99bad69c101ea2a6d7610d
SHA512 62b730c3ba617180271cda39d484f41086a9840f8bc5a11798ee2c49e647d4286fbf27652a46bb695dc02abb88bd0d045e670a24ce2f9da3608826aaa010521f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a5c0c0a9e703a79f9a9ed806e1185524
SHA1 b7bad04bd7bc3dae989ce17a06f0a1c8924ab612
SHA256 91302b0470f7827a9d691c8dad1303193a2dc312a7bcf69c50c649d462a1ada3
SHA512 34753d26abf0c1194b0a5b0ef5294c521d7c401a9a7d5d40c98dccca41d87712b084fc61383beb0c7dbc3fe28078c00c9573f8993f35ec9014ebf8c6cd29cec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f29d.TMP

MD5 df4fae49af2f15e4e7ef6c8ae586e36a
SHA1 2662f854e5aae739fa644b28fc615503b95b1245
SHA256 737e9c9ac93894fbd5228087fa6cb688f9912f4db4f78eefc457237319c7bdbc
SHA512 2bbd0829567b13d4cb9b17864063de332f7df606bb4d8e5a570272adf13b9b283fd604ba28654af8a237b940693c9b10d2564e474f7f26493ce48ff4f648e0ce

memory/7264-668-0x0000000074670000-0x0000000074E20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 9feaa92c7a2516d5dca97ce395902666
SHA1 b833affc1af46fc7c73dd042c29087cf441b737b
SHA256 e133f93eb9e39e162a0161714c5c7c476c1b8fe2f3a4a9c111cc1d905282be7a
SHA512 c3031c0310d55366fa05cf1a3f8eaa78c541b993b24b57603d7b11a77a662b23b9bfebe0ff87f843ad810156371765f9c5b7de5423adb7a3ceb7d55e90e0172a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe580af8.TMP

MD5 ad6298cf0d4be639427f871a5fb1e2a3
SHA1 86a6201205fccd8ae41889c55e184c8288651f0f
SHA256 eab60a7f06d7467d57429c3529d07d4d32af7d9973da33c99b4f7ccc9c8b5602
SHA512 72eca86bb3c1a028eae988b22052cd24e4b213b18b588751ec1a2eb2abf5c0a18fd03cbc0fcf1b83d54adf1d36ae72465a383bf50c3eb1222b35ebc9e4b205c7

memory/7264-765-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5bc73615e035f80e9502e6a15cbeef62
SHA1 227fa0cc35024cd0bb168fafe4bb23e8c6115a45
SHA256 c71f13173d266b4e54eaa4def2c66e59e087b3b635a4d5c9186343d52655cad9
SHA512 d6062c8a69375d32a7072a78bd7691655640fb3b6f6622a5ec1ded1735fd2ae713cc4b75fc9cf686b8b28f2a7991d3c1d967dbb42ba0acb9a0d4ad21228bed00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8f80cd9-ca96-4362-9316-fd46800bb1c7\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1c7c4152ed66bdc4f776b9a0f366002a
SHA1 7e571480b8dae4716231382f08a3638130a71d74
SHA256 755986c0ba222a102ea813425c0a09cb2e47e3a327fa38358b8d5b17856d34d9
SHA512 88e2d3164a50fb4f9d968bded41981a50b68f9037f507c8cb2a6f0c495aa26ef3f2a876a99a81f34029e799047d2eba194e3808ea6676925f8e8fc06d4aea2c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a8b376c6d603bc4e0aa8a4a082cf81c6
SHA1 2bee7607038270336cbcc15a45286b93b1febc11
SHA256 7d2e864d44f7cd62d67ddcab2822f3981750d11b1c5927a348b255380d8ef313
SHA512 661c3a33936ec8a33c923ec36bdb10f84047bb64e3dfb7431d65d5b72aeb6f3a1983488e235cf1d3b99f175f6664535d348a8be1bd065b8059232471b43b4685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd0d6a07a065889b62dc81a86ec8bdf1
SHA1 c86d8e7722f45e8fe207a2a97005b7a4a1cd5246
SHA256 08364e89c6b127f1d37354b4fc006a266e046911dae3f04dc2454788a91c9990
SHA512 4c4afef8af14a1a96a55ef275c3dca7442ddc96261bb67c87aabe7901552a37f0ef9ac47b331164feca15f76e218508717444961f98dc911d045a35dfa2fd37e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5dd07f5e7da38aaff1a0eb017d91dd9c
SHA1 59da903c50cde2cb023a65eb394b79eb9c12228f
SHA256 d0114d603ff28d98d2ee32fdf4e2422d304276de8334d105ad1ddb636264280e
SHA512 cb39c4606360fa02cff7de19fd5c0d55ac8e9a9f798f2d2506b6fc7035e601dcae45570d50d046b2403c58a4ce6c6cf0a5ddcb2487438989af48e3fc43ea5583

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 53525674d9e802a53488a57e2bc44b61
SHA1 0f0f00b9e46a417b7d565d78b8b0559fc8a8e5f0
SHA256 9735c522210e768100efc306f9a08add50f1bde5d66bf9784746937a53bfc8b5
SHA512 22dbb58af5d04a0fd8fd1aa938f5bd59e69386907b8cd5527e0280e4d46c5705ea05df529e6d3ca107465aec2fa89373fecbca2885f6c1bdc3f04934bf2c5288

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f5b679dd513d37918cd5e60395247a1
SHA1 76094c11bea46c339d612304bfed216866fc07c3
SHA256 e7f6d918a5c8fe568109ded566cefedc8a31622f1d3b4bf731c7890aee57d6c9
SHA512 d8bb8bc1e911aded1e91e53b6698af51e8a6703ccd0dd45ab7de2ba8a2fc7bb240cc7af719e405de71ea760770b5891ac3fd558740ba6bf28e85a43be4bdb405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0558a95f-f248-43f8-a13a-31f3569aa1d9\index-dir\the-real-index

MD5 b0413b17b90923f130d91da19e1d5b51
SHA1 9dac8ba76879bd416fe518d3ada78268e3fd9f2c
SHA256 4dad57af322e99de22d4173af973d676f2f159cfb9ad27c537ddeed5e5a06b1c
SHA512 5e8d9f0cdd5c1b0e72d0801ca7a85ef2073deca3684177f1052760c25697e3b5c18e7867298a7efc0fbf6fbcb4a9dfc8247bea814385c21126f055ad8b584796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0558a95f-f248-43f8-a13a-31f3569aa1d9\index-dir\the-real-index~RFe585b79.TMP

MD5 c8ba9a011fe8c73acc9c66387cf287ef
SHA1 c95d19a035b8a4875717161ad1330cae2ee924ef
SHA256 e05ba633dc6b0edee3a2bcbfd933a6127fe906216f6790ab5af1ea0e50875a2a
SHA512 c0a3db604d28a275b099a385e783a8ed55100d2af3b88c66550c3b93c2ac0bc1c722e9f0e8f0833908842da56438311c7cd26ce8afcf7f14407e07253316287b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1cbae6cf25cf62ba3304bd5bd0ee0f36
SHA1 5e62ed42a2c75ff4f3d53d7dbd32a2a79de601e6
SHA256 f48678379ce77bb6939601b608d43fff4f7ad1abd0c75450268c4c27c63561a2
SHA512 f275cb567347dc61946bd917944a8ff992243f148c61a97e6328daae5462308732c8497a091dac1218faa1c9d7dde34ce984dcd2d38b67f8fb17184bace155e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587db7.TMP

MD5 5600d95145276802629ef612f9c15ac8
SHA1 9ca3c11cce74f3f07e5fd98fc1f54b03c1662d8a
SHA256 8b86e75d501db166da51fc643fda4effba671849e191a60921cd5e49e4572b73
SHA512 f880a93c0a98c6916493eb25806952b5358ec3851541f9d6c64a014fbd8d403616633d26f0a2416e06bdb0cb72b1f8a1f5add7e8e6b87a8740dcc56c4c724d04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4297fff9b6c2a2a8a39a9c14af54f27e
SHA1 1af3466897be9c6e2caee877b83c9db71b4e107c
SHA256 7435f03ce17850cc9440d9bf534fd8cd27558b409293ce8add9b6d296c39e311
SHA512 23e86062283a2f852f217b7a78a6909f98456692b4d2ec2beb455412e2347e7c3cae540d6c2fe32bdcc45ff9089122c560f6c917438bde85dec6bf05af448cb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fda9c972b777944b13ae5ef89bb6785
SHA1 e394ff4f25b04fa6825de572a7adb34169186634
SHA256 ff44c4d32b07f87b1921956633675aaa8f62f9a80b8cc5730db618ed290d692b
SHA512 e164e98d031955e942833fcf6eccb934f28f323867acbc660ed24b786c66efce0a98a54f3f374e15ebd03b27b7e03a1bdc65e8fe42b2f1a4ae8e674a7f74a958

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8d15e2090e64360e83ec771b9f2f1ac2
SHA1 690ac1d787173928c0df1a35b7a22b873f338264
SHA256 d9a29dec51b32ff45665db3970648b0a5f6975286ce2a97b7b305b3ee50a7e8f
SHA512 59849c369d9858c96e5cbe772345b68cce93d992e6a133a975c3ddfce3fdf73401e46e28f04d134f5ea64a4e20ab413362f25191a00a271fdfe7ef946aa4eec7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b07f8538-c071-4420-b1a4-60a8ba63454c\index-dir\the-real-index~RFe589e10.TMP

MD5 c20c3c4921be7722a66e811a77dd7570
SHA1 3fe0950149aa65bb68288283aeac86c3e656d5c8
SHA256 137c0f0ffbe8b205be15eaf774d96fd91f89076d09e7551e3fe11bcb85f9608a
SHA512 3e31b593dd9d0f70b9982d20cec5c2fcacd921744f5cad6cb0db19b2e5b722c7b4be5f52178fdfe13c59cb0a52453ace81813459ea25c4a6bc5b4ab3d864c0d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b07f8538-c071-4420-b1a4-60a8ba63454c\index-dir\the-real-index

MD5 022416a8a6785da5c3b66bb0c56a47c8
SHA1 fb6f76b2428b496249973b2eab6e76cf42e60c6e
SHA256 9e3bd643754e6e12144cf1729c4322c2b7e29fae0f268e517cf6b983839c20ba
SHA512 b730219b27c3e9962a5e081a6391c3f9ea926f8c1ea5467f0a7bc899c83d68a5b5ca1ae711599d630948ed97f6839be1706d8ef49c88f784bdee072e9b294270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8f7eb98f114dd5650b44ac8b42675bd
SHA1 17ae52fbe0bc742325dc3d5f1cbd4616e93618dd
SHA256 180abb680be615dd8008124a30afed282d0307233e5fcd7896273c88ab0824d4
SHA512 d996713195c06ab337ebada4a8b0e1b7edecf57bf5dd55b3e9d03c3b3acb35951007d999f952f4860862d07fd9a6b54c9ce6c6e6e7fb1a117ffd89287d54355a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 db8e550cc87d3a3139fee2cf13646ef8
SHA1 ad49787ba6680b0da15c478f61fb0f7030ed5ca1
SHA256 42e4089e664bd2dee767f28b53c289aa76ea04639906d8351a76b98ac24ae94d
SHA512 a49f99797e3a08f2f42d169a439cdd02f4b6581262adad9784bcabbbb00b1d0480beec646c3c18e6b82ad86b4c925871dae395c41dc727b134a993c739fee2ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 73677883af7198c55598e05210f065ba
SHA1 c88c3c5a9eb410eb9a24e63b6786b74453df12c8
SHA256 bfe81956ba470984f227111dd147e53518a8a2c94f65c4962415b2720e4dc7cc
SHA512 6595f5e1ba7448bce5692413776b9174f663c06a43643d32fccba1c8dd00415b1cd258d631ebeea685567d517c7afd7257003ff40522965d241611d72058e595

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d949832039e29c28ebdcd4e5e90dd42
SHA1 c5250ef956215e784d7864114bd043baf7440537
SHA256 60ec806e213f8b51a6cdd792b20a9c5f8511434ec1e010418ba2d27aa214fc07
SHA512 59049d78ec9c9bd948e2701ee948307da81cec8b546e35bfebc501827cd826db86075ea1f9904f05b94c567377a816c43d6ccee9b0c429aa9159ad1a90a2546e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b0dccfc5a11535303dfe19b39d18189
SHA1 f45b0d6d762fb1cd004f37639790b87a6d3f0720
SHA256 e7985df95a5c38b9f4381887d391ddb42bdf0d7550170cf6508b0a7e5a2d0661
SHA512 9967319cb6ad579f143120aff794937d13d0e58e29b28820eee5f6bf230276654362e7f7ecc2e07b3ef3557105eb280004b21e3f944529d3cc07485b4d84e301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\908b6ace-8e0b-429d-b4a0-26ebcca300c2\index-dir\the-real-index~RFe594f6e.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\908b6ace-8e0b-429d-b4a0-26ebcca300c2\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
