Malware Analysis Report

2025-01-02 03:50

Sample ID: 231213-en69dsfhep
Target: 8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e
SHA256: 8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e
Tags: lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e

Threat Level: Known bad

The file 8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Lumma Stealer

RisePro

Detect Lumma Stealer payload V4

PrivateLoader

Reads user/profile data of local email clients

Executes dropped EXE

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Looks up external IP address via web service

Checks installed software on the system

Accesses Microsoft Outlook profiles

AutoIT Executable

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

outlook_win_path

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

outlook_office_path

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-13 04:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 04:06

Reported

2023-12-13 04:08

Platform

win10v2004-20231127-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe
PID 2232 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe
PID 2232 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe
PID 2444 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe
PID 2444 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe
PID 2444 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe
PID 2580 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4652 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2052 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2052 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5116 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5116 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 1332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 1332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3792 wrote to memory of 4508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 448 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 448 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2580 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe

"C:\Users\Admin\AppData\Local\Temp\8607f0798a6daae3bcc2286e314e93570e0252d06d3c699939a0d58e8763115e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14502706394735370851,459017130838057547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14502706394735370851,459017130838057547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10644973128755865783,4711778699125297981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10644973128755865783,4711778699125297981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12088917132825885921,211177346762013911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14489851655244627878,11798574315158002581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10238174135977807081,16016796168531997994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10238174135977807081,16016796168531997994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb361946f8,0x7ffb36194708,0x7ffb36194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14489851655244627878,11798574315158002581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11654473986859439772,5060931150542341362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11654473986859439772,5060931150542341362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12088917132825885921,211177346762013911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12076114551345577519,12135968877519559466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6428 -ip 6428

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 1792

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Tf9Kl55.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Tf9Kl55.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8132 -ip 8132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,18175813454783439378,14662215947363409524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3212 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 104.244.42.65:443 twitter.com tcp
IE 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 44.207.70.167:443 www.epicgames.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 193.233.132.51:50500 tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 167.70.207.44.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 152.199.21.141:443 abs.twimg.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
US 152.199.21.141:443 abs.twimg.com tcp
GB 199.232.56.159:443 pbs.twimg.com tcp
US 172.64.150.242:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 159.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.200.3:443 www.recaptcha.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 52.203.30.102:443 tracking.epicgames.com tcp
US 3.162.20.52:443 static-assets-prod.unrealengine.com tcp
US 3.162.20.52:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 52.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 102.30.203.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 18.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 172.67.221.65:80 soupinterestoe.fun tcp
US 8.8.8.8:53 65.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 104.21.80.57:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 104.21.74.182:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 57.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 182.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 3.162.20.52:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 rr2---sn-ntqe6n76.googlevideo.com udp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
US 8.8.8.8:53 api.hcaptcha.com udp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
US 8.8.8.8:53 7.28.194.173.in-addr.arpa udp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
AU 173.194.28.7:443 rr2---sn-ntqe6n76.googlevideo.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
GB 142.250.178.14:443 youtube.com udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\OH5qi75.exe

MD5 e383f617905ef6b1869e13862e96f9ef
SHA1 d4904939dba61f7d0ea048dd3843adb5b06b0305
SHA256 10dca26e2ee1368e1d86485d38103f6f7a30d052b609b64e7d3ca8752feeb084
SHA512 f1a594e2ca43faff228e883f34b65f3c70ff3731274c091ded3d3f016e0fbe19cbaaa67bbd4f1bfb5dff10ecba52bf04aac4bb3f13dd008cc5c5e96ad1fe3ff3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ox88Lc4.exe

MD5 90ce411ea578eb83eb4b13a8f4af78ee
SHA1 dcf3497f82832ab2bd0f3c7555fe1bb91612aa23
SHA256 aaa17e1ceba83a8402aa06eef18b48322c09fad510254895cc331fa2bf61f015
SHA512 2b8be70e49d5afb83111a9568b689a80575130722c5d37e8cb24aeb40278e4eace8a155bfbbc7283bf894ffe86a264eaeabfe9284c9e52d4ae7a22896be651a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 38c73375cadbfed84fc3b8973f3bb346
SHA1 0bc038a4cb1075be034fa7a7e3221b228cea9df1
SHA256 dbb92682ded8ca0718490b2cae6caf28ce3c4799bee40c4df40f06a7fa02b158
SHA512 236713a89124755326876489f3c2163d74e9270f3a5b69a7303450ddc929ae35eae22754967968e3cd45c7436c57e8d4ba9ea10124333cf24725e122f361752d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a556bb6f129e6bd2dcfb5e29b7483f3c
SHA1 54f04d95d772d4837334739544f6871c10f24110
SHA256 c88e30f34c1dd579de34700a10a25c92e55f09b47be34ef7742a01aea47f222c
SHA512 405908519a2b51c42c380ebb160557fb551bbec0c015c7a6fa61acc01eaa32a6ae20895aeaa1879a4aea3b0cc6ec1754d30610a3e343105a0ea4350156a6fb2d

\??\pipe\LOCAL\crashpad_2412_OFJBKFXWHZFRTBQP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d73ac068deac5e18c1f043b637f7e71c
SHA1 57b343f60e6a8682d75d6ba3b2737a006e52148e
SHA256 9d39151f36a91806ef7c553de6a80c867114a7546f3a6008092eaf397dc4796e
SHA512 89d6f16269c071187355c39db26aa20844d3b5b49600752ddd7e7477b8a2ed17ca308a37e2bae527cd7cbb0f72b881dd9689f4985561b482cd82202d22288235

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5cbadb31d184000d10fe028aca8e3045
SHA1 83e1756ae3c16c741388216b409d6420e0339904
SHA256 fc876dc9bbc03a932699777d2b255d21bb4db3d85e62e800c46731cdfd39af6c
SHA512 6b0f0ad62580e68d21f44a619cc609cde19abd2dbe94e43a6f775d89b9191f9dff69f98eed7c66f1f917a7f4f9ecaba0dfded2e382461fd8a3ed5c2072dd0f6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8d312509-06f0-4892-b0ec-7696e8990703.tmp

MD5 dc272cc924e9c22a1e6d59bbcd08c839
SHA1 2a15fd59787bdeff987655577945c576f00f84c7
SHA256 c9f19f83059ca26efce26840df4afc3efe7d51c146c3867b35db5c404a9d34ac
SHA512 23d6a10392eeed7e3f5f16470b66679adb7e23d4b7a2e74d705d65e2aed3cdc8fc2e6e55c3349e69e6e32b910abf3607f826729dcf335b7356b65ca5df505540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e1b25181e67cc47e3bb248c3213111d
SHA1 ff0a9caa7187a518781f9eb47ac68fdba6486a1b
SHA256 55c941d7c6353c97a9617761dc760c50c5103072cf85798d72cc420daabbe63a
SHA512 52b1d0496638ce08b991b02d3168e1cddc33cfab47cd7ecdfb7ccc5d53bcd2b53729e3e88931d1933163f56354a4a9a772aefa3d42f8114fad0ecd08b4b283ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fd75a0832598c624ddb92985d3bcff98
SHA1 8f492aff5bc0a21020b03dbf43e2b929639f4d10
SHA256 9224132332b84c8b9e757def3b508c0c517e966f791c26d78dc67fb8a16586da
SHA512 227903d8464ee2e6ed92b56fc32f916ddaec21e309831015db1500e4af96f1c0204df36edf5a95550685769080d234033e42b6ab3e13e9cfeab7ed803f1f85ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17307a462bcd972f9d9bc0c4dd50e9c4
SHA1 9f18104a28f10c4b50b02d9b740491ccfd3006ad
SHA256 fbbe1ec1c5a2e339dd5dbdd3222e95472139fa5907a0733944ba640e39b6d850
SHA512 d222966f846806fb68f09545677e3dada31c62bb5d361991f9d8a60b9d0535eef58e283dbefd68c9eaa818a449cc0c94255effc8917e4f85768d612f1e32949a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe

MD5 f8e7488fd4ced59d6eb387447bc37430
SHA1 560ed0a592273875ae66a93efd611f76a9da7ee7
SHA256 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347
SHA512 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ST9445.exe

MD5 c2d1b584837b5aa9369757b662525890
SHA1 a100ca7337bb1ba601c16c44a4c871c931bff11c
SHA256 9ef48091ef5ff953b12c8b7dfc516d880cb939a0f0292d33788611a699994010
SHA512 02d9b862e9fd6967c5a5a013239d165ecc9b56bbcf90f1232edc58986e528c170ab20c7cefb9a08ebe79f09c63c2c27593c395efd1d2e26073677b135443b88a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c3fcdf6295468c483b99adc6f69aa600
SHA1 4e8c4fde146fef847df84fba9b1e4991f2c8ef18
SHA256 c6a0beadd98e8d309d60c312337a9ecd9597792dbbb8334542786575c1ca7c3a
SHA512 d1a56e783b2e5e4321f9ec956035f2cd5534650d1784b8c101cbfb54628d79440aff437873face32aeca83b668018e468eac21dde32b1317dc7f93131079accc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed53e4e9f8edb446106f67cf5b115af0
SHA1 41df02e96af730b33ac510edc9a48a6897d0f821
SHA256 09e0843ffb2fceb469cb6d47250aa8f167ecfa93d974192298e1142e9d2c9301
SHA512 2589a73f1142473e662eafa22e18aca3bd6714dc590f5a139d80fcad5a0118445ca746c767ccd2184c7858b1e98a8262ce2d924ec0542374181771593bbcf376

C:\Users\Admin\AppData\Local\Temp\posterBoxu8n5yk5G9M746\QdX9ITDLyCRBWeb Data

MD5 f95c760025244cab62eaa0107d13cda0
SHA1 cb6c7db612bb41ed7c393b93c83a8509ae70ddbc
SHA256 5ba2aa1a173c7e7ebcc7f4b1f65469db5a9ce1121c29057344019016cd5fc636
SHA512 ea4b89f4d1c8ea76e253a8ac8fd0f7cd1956ef68f75b63c0cd6c451e96b95aa14e0dab29f9dc38c3da4940e36f81865b6911fd0ac2bbbc7bc798827ca031a7dd

C:\Users\Admin\AppData\Local\Temp\posterBoxu8n5yk5G9M746\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\grandUIAu8n5yk5G9M746\information.txt

MD5 7752ec6698e720102b1873002e7db063
SHA1 5c69f2cdeced5d1f5f3b52e0aefb5d0794d6c13b
SHA256 b1aa95ce8b778467fb8a41a56beb9a9a3f8478f4cbbd8714e0e57062a315ead4
SHA512 9124c2196e6c65ef73d72f88fc1a7d5288524d4b706f7554ba417e0b01913051ccf838ea0386fefd99afef9f907a0c65d357851e1161f79e90fed3614bc9644e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca87c2c754c27baf45160098348c5a67
SHA1 6e557236e39ff79ad63e146b15144d338422b91f
SHA256 5bc60cd286a75409fddefb11828e92c8cb0cbbf639a8117177e9e12888d6f6be
SHA512 af38169e34afbb90b1129db7e8a24de095a1e15f41dbf88f3e52e5ad657b00741473ce85eb4edde603a694fe6d64f7e4b201253d4b3a3c0ea452053e57b1f1ba

memory/8132-481-0x0000000000B30000-0x0000000000C30000-memory.dmp

memory/8132-482-0x00000000024F0000-0x000000000256C000-memory.dmp

memory/8132-489-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 464121a647701977abe9fc7884f3d940
SHA1 7db67e3c15563f70c882b87af9bd3dd4810a5ca3
SHA256 2c00b3e16f8f1d7184e09811e4a023060fb4577b6dbdf68f3f0561a4d8d8cbc7
SHA512 49ba9241920343ed60c719e762ae826620788b1ff06b95ec932c9c63bc37813b0aaa18d07236711cc2be25ec862bd20147fe671b03879d3dc6d0d14254ef372d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 aa3db81e5ed16930c40f0a83dd947008
SHA1 594657b7812f4eb6b515b885f6004c366f38d1cf
SHA256 becaf8dcc2fd6c3fade9787edc3848cc901fd0690a4b9e1dd29ca24e1449bd71
SHA512 faef7417672e0919285c95e480226b82d7272a5057ed8342557bd995631d5332f497b82ffd1f5577d37e8972ef4b30c6441974b2197df1dc19bb1a4cf907e4c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/8132-529-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03580b87b2783fc415ee7d92146bc9e8
SHA1 51d57f070a7f3e623ed7925041da8f6c97d3bfc2
SHA256 89b8761dac625edbb32d01d90a152bd475b7372132580e9b02402b8aef3989ab
SHA512 ba38ceebf5d18fed94fe7000adbe504c96ca5ea06bd504c5e8b6daa74d05e114ed80479f5b40feb1cbe74536bf73460562a38a2d2146f2e5afeecd3901945f97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f155.TMP

MD5 6007eb0d6fd326458def6fddb3efea61
SHA1 7e07dc38d276a804502455655f181407f397c05f
SHA256 12458da30cea9dc451666ac537bfc02f9ff027eb437d07eaefb44e90c337ef00
SHA512 6355098259accbaa42fad1563759dd40245647ba14643543260ba64b0f538ca68a65466a276d60f123abf9b23f8a74b3f19ad64b5ec824b326f3137b78bb64aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0dd3bc148e5af5ba33573fb8c6711bf5
SHA1 d989ae778bf70b8f65b1bab36ddd2ce3a1cf0104
SHA256 1330b7ebf25aa4be13ee8e125dae9ab361a145a195331b82eaaf5892e3ca8e6b
SHA512 1637f78cdc9cbe4063ca9fecbf4e244f16abb2e027a2840f6f82f4edaaefb9e798e1d9f57124ae0e1250768c4253c228aeeb299924e7c12862c12b5787054753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 f11dd5143f828da627721eb1046655ca
SHA1 d613b22c5deba19d8495663d03274b37ddfc929f
SHA256 09884c4af2b8566c21def5020544fa93f26afeb6c939916b4abf70992b2b6e90
SHA512 540e7dc7d00b1438e5484eb900f5ab2b2162cae2bc3f314dfd7025d611d736793f5b6d377262a4b0a02bf91ebf7552151cd59c87d3e99b6e74a9f6298bb5d69d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c7bfae699d5dc061957612779eb584e
SHA1 35b9c57a8eef08a9ca946944c4a14a472ce885ee
SHA256 2e133d05f6362489b1ab84a0c6e81e29f6264ceb9ac6765e63c0de2738088ef0
SHA512 c4220930058333fa89eb852f0ef2a73253d6ba8b909abcaa02cb9843a03f1faa14d4ca29ac61ef21b0b53b3740be611b1bff8ba13fe70b5bf32d3c574b32e0de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 807926b9cbfa2cfeed723e3cd8949413
SHA1 971490e866e9724f8206a1b722951f8d11d9bdb3
SHA256 9b7c3e6bdf96c3acd705b2b486086ef622466fc63762aae99505c0ae6ff6fa7b
SHA512 fac80a0c2c8fbb90ff24db8aff8bcacbd56e1e602642552924c4dd8de30ee142eae4ccef6e86d0cc91b7fbf10d6c5e18061a6b129fa34944eb7a865f4d31aba9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 efecbbf77d07ed75e4c903e38ce057d3
SHA1 88572929636c11b836b36295313fe294ee601335
SHA256 63fc97f12e79117ca8f66d7a59b19a8a234696d08220fb908d1b59254db6819e
SHA512 378c57d3c90c1432f47b1fa12f524ad08cea15423a420b820467572f1cb0ad08bb3db890d70545d095f950100da049abd5054f7c8d188ff29efa3b3d1c5b96ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6fc99dded26ffec944f4a5b04f612dbd
SHA1 5d174f320e90e135073a2aa0ce6420554154027e
SHA256 49f5884f2324f6d68517b91497e0ed1e96d0353ef658850c5a4135c08a61234f
SHA512 c98a38e56f53d5871c7c8acb61ef1748b3087387fc7822bd2652e8ceef81548525cc0fd472d45e795fea69910425b4a55055b2b13df5daa15bec3cfdc06b36fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\27f274cb-80e1-4921-a679-e75d6af9136a.tmp

MD5 8b0d4a0a753212a4dc3b26a8d7f88649
SHA1 6664715b099e55121c2f622df7beb9ed04535870
SHA256 2a1d023fe50f6c17d1f62d235593755968f38c4c7f9217627ddf97e396726ec0
SHA512 e64053b536acdac5932eeaf406fdb3ad009604119abba3c413b295a688e4ed43ab08b86651f07b192ac76a05e7a0f30938a257a613ec28235b7347063820e4c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a79985a672d48cbe324ee89f5e412e13
SHA1 d8b9dd42bcfbf86eaf497c24fde8bbc84b644b2f
SHA256 8f730d911f4727b50aa7b5dc0545b0cb7bec68f580879ef517157ac536e940b3
SHA512 ca8ca3b64d8671fd31a9e8f04540dfe4e6880edb0e9b8a7e604f0df1b4769bf9def2fd8ff4a239538af70ed49c9b7efb4e1f80a5d78d9f790249db3b611cd58f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c6647f5a94a982f3a01684b195f3ab7f
SHA1 12fc8a4a780c164250529420c22a2e4bd14c906e
SHA256 861aa2feef017d2ee5a6097013984fd682bc8008032b020e13ea57eeef58262a
SHA512 515f388befee187a5797237c6c4e91931639a279e2a8cedf391ebee0f7bf544d813d6659f8ee8bde49dd8648ad3d1cedf1d70ef7140223e0bba3e74a398ddcc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584b3d.TMP

MD5 14306c5e5ef1069aabe43a895e2ae397
SHA1 75d0e1f9e9653718f55edef2598715d2fe00316e
SHA256 c1b50cae3f55fb80653cd5880b286b101ac12aabc88ac172a0bff9d82bab84d5
SHA512 600ac5849251ae84de73b8b6d7530d8c036a25af278836491d2958d030632a305ed3c2e2f505ae43b57f71bebd28327af91d90d5d8f2ffcc4e6d50d45db3387a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a1daeb658baa333a743961106de308bc
SHA1 c9df463f70331388341398f464b33500897d019a
SHA256 01f215e929419ec57adf685c8404fb3781b7cc169f85ea87bfd924c58f38cf66
SHA512 16b94631c0418e99efb1d968524877677d03377b1e9092e56a9cf94a900ac38b536e1451581583f2dd42c8c8e8828ad2717894cad7afe639a3001964515c302e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 bd63ea1a17d7fc869201b60fa8df189b
SHA1 2f9daa76e6e736f1f01e40dd2a4fb714190ed830
SHA256 64aa96a69a5730e6fc3bd15c629608b147305b6f7000fecdd7fd18d3ff093387
SHA512 111ee493fd4609bfd96431870465918cb6c9658bba540ad8ad6909a8f0a6c0b319f697a56f410c3b4bf44e893a816f7f849f76a634fb2f8967f2f83725609198

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 618b881e830f018b622f756b33c8ea62
SHA1 792525781e696c87bb91f2cb107d4ff9f75504b2
SHA256 e1afd25782b3095adac7da26b979092d361b4f1a14e964bb43bef240c78d1b49
SHA512 c7c41ebf11079dda967b8dbbffd7aa5d7744dc7787aab8ba14186d16a0cfd9b53f20bc8f79d5da8c0fcd092b3f04e56db334514b76ceafb5ca003fbf13b0fce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a51cbecf73ebdd813c8c8f8ccac222a9
SHA1 10f1888f1dccc466cf982f9301bb10ac0d594154
SHA256 a32ffbd46a0963e1305e5be3650808a6e37877d706ca4be9a5e3ac30e3450972
SHA512 7744e31a77e5cdb660e80ac704c6c45e7c523f6d9c6a6da93a214d6e57e50d097bd641c4dcb7e1574d29bc398a3d5187681af7daa2abaa02106d827b434c6d0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee137dc78d4728dfd188b3fa06db9a3a
SHA1 d9a54d924dfc1b398293d64f77312ee18ad732de
SHA256 205d0a5535d711fa351734d87ebdac20ddce974cd3a4dc59bff7036d8b77666b
SHA512 c039b0390a2c10e7da5f6638232a901842511fcbd1ee9abc21b445cffa6a2eb833a72dba53ab954e2ea33ca4f98507f334c6a2c8bc483a3a5e18d0e04054a394

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\43d34de4-b777-400c-8cec-5e1012c5c04b\index-dir\the-real-index~RFe58a2c3.TMP

MD5 09c346cbfedc44d4a2a6c2aa9663115c
SHA1 b93fe682032cdf218a8ee4eef0c101593195bb1d
SHA256 da44c2528ad49136c78474a7db946629445f6abf400e60fc5faa82927631b7d6
SHA512 61ec34bf2c786534bd840d7aedb40857fcf45264f5859172cbaa319f81174758509ad8a4de5227980196f36b5101b023f30fca488b6f6e588519116bdb222345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\43d34de4-b777-400c-8cec-5e1012c5c04b\index-dir\the-real-index

MD5 780228c52011cc9576a013d74b4341d0
SHA1 f9ee5ee16419de1fbaf2fe55061539fff0244574
SHA256 ed69554fefa94f30dcedd73204bf00e7e1ae1afd4fade757b6cf031b6de98092
SHA512 b178b6dcbe2a4f9dfee64315ea7942bb1e54e340a2459750676e32fe5191b65d58eed24a6ecc311f5a045acee989de0c4b7b1cd4f5b47db3e7fe9bd542976c5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3e8736356ed47cc091092e66252ef71b
SHA1 4c8b77254192af6c77b78fd2aa0914f51277f38f
SHA256 77d73df641757a1ba2555fea87e0e5840bb3094df1eea6476ae6a9e020509814
SHA512 a3b36fdb5a26142a3feef4b255e547fa55e2048b061fae7b00bc64883193ee44646c81468b8ff019e22fb7542943a10f9fca0d501e94854f6a2598cb845af4eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cfa40bab8ff42fa8ba55405340bcc81b
SHA1 6acf81482b4b8837fc67e6aca7700d696e7cd2db
SHA256 f7c46345f9523a61e0640fa76d13de390eff8590e0e0cbfdb9634b97f1e5b097
SHA512 54bdc47be029fd61f71dfeed99225895d30ee112cb954de91004d6c1fd3e5103fd1dc1d383c3ca464336fc7b49189f40e2d28cf2b79717435f3b15c266796181

memory/4140-2218-0x0000016216870000-0x0000016216880000-memory.dmp

memory/4140-2234-0x0000016216970000-0x0000016216980000-memory.dmp

memory/4140-2250-0x000001621EF60000-0x000001621EF61000-memory.dmp

memory/4140-2251-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2252-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2253-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2254-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2255-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2256-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2257-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2258-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2259-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2260-0x000001621EF90000-0x000001621EF91000-memory.dmp

memory/4140-2261-0x000001621EBB0000-0x000001621EBB1000-memory.dmp

memory/4140-2262-0x000001621EBA0000-0x000001621EBA1000-memory.dmp

memory/4140-2264-0x000001621EBB0000-0x000001621EBB1000-memory.dmp

memory/4140-2267-0x000001621EBA0000-0x000001621EBA1000-memory.dmp

memory/4140-2270-0x000001621EAE0000-0x000001621EAE1000-memory.dmp

memory/4140-2282-0x000001621ECE0000-0x000001621ECE1000-memory.dmp

memory/4140-2284-0x000001621ECF0000-0x000001621ECF1000-memory.dmp

memory/4140-2285-0x000001621ECF0000-0x000001621ECF1000-memory.dmp

memory/4140-2286-0x000001621EE00000-0x000001621EE01000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2439267b918675ae243d5467391bcc56
SHA1 0d0bee1031171ad96f30f6d7d8672d3543fad2e8
SHA256 f88176f6d277e4c163dc98ff59986510055bd6e971d8a4fb43883dc2fe2983a1
SHA512 d1122ae99c0d3126d8406a0472d13de5a87c9ccce83a99ae5c527d799eaff4283432ff8caa86962688ce9c1af318b869381cef5907917b66096d66a62608d330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 57bb8ca5e91e0dcfa896af410633ae8f
SHA1 bb6660b011caa694fc2211ac1ce9cd4a7c3d51ea
SHA256 2ce15e9746e6f24fa612ad99355e2c3e374a7947e6e04e2faf3042482e7c2e36
SHA512 4f3e9c1133ee98f425b4ced42a3adcda19330b32ec563be6987bbb4fac076d60de021e72bbc626e1b0b22481f802ababe3c47dae62a70ea078a810f65b68f6b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e57cc18073103fa2ba7ee23450a2662f
SHA1 9b4f4ee053e421f181ac3e25374b947442cad463
SHA256 4e8707c710def9e4eb793ae51e9510a45332f079c2579d504ca9bbb866d37d34
SHA512 e1646cb8253153d971b54b0fd244eb26b6738a379e18f9113b326ccddf3e4fb1faff437259f532597cf225c5c5523b11d924ca2d6ddd13bd45a0d23489a32972