Analysis Overview
SHA256
5f57e85e2eba8616976591ec6e3a4db172c1687a2c875c5b3ae10067867fbcbd
Threat Level: Known bad
The file 5f57e85e2eba8616976591ec6e3a4db172c1687a2c875c5b3ae10067867fbcbd was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Lumma Stealer
Detect Lumma Stealer payload V4
RisePro
Executes dropped EXE
Adds Run key to start application
Detected potential entity reuse from brand paypal.
AutoIT Executable
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 08:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 08:56
Reported
2023-12-13 08:59
Platform
win10v2004-20231127-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RisePro
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wo7ck94.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1CL83uX8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2sX2253.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ez2qD12.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\5f57e85e2eba8616976591ec6e3a4db172c1687a2c875c5b3ae10067867fbcbd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wo7ck94.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2sX2253.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ez2qD12.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\5f57e85e2eba8616976591ec6e3a4db172c1687a2c875c5b3ae10067867fbcbd.exe
"C:\Users\Admin\AppData\Local\Temp\5f57e85e2eba8616976591ec6e3a4db172c1687a2c875c5b3ae10067867fbcbd.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wo7ck94.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wo7ck94.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1CL83uX8.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1CL83uX8.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x78,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffddced46f8,0x7ffddced4708,0x7ffddced4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9715712148044454914,9954035266058618917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9715712148044454914,9954035266058618917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6578766116527245872,12846004372247238400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6578766116527245872,12846004372247238400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12879933549269009479,9310957163510201312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10568337992926727729,9967520157685426900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12879933549269009479,9310957163510201312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10568337992926727729,9967520157685426900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2sX2253.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2sX2253.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6439857424428279353,579841939252072851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5660 -ip 5660
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6439857424428279353,579841939252072851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3593655132294013731,13730223530878735063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3593655132294013731,13730223530878735063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,14683875251561946455,16867789485795356634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5264631280953302119,11440136963117786938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ez2qD12.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Ez2qD12.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 8056 -ip 8056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 1072
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7112 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2e0 0x2f4
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12904695015965561435,2529216496467122009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7472 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| NL | 67.26.109.254:80 | tcp | |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 54.83.128.231:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 231.128.83.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| IE | 163.70.128.35:443 | www.facebook.com | tcp |
| US | 2.17.5.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| BE | 64.233.166.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.128.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.92.85.52.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 172.67.221.65:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 172.67.174.181:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | 65.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 104.21.18.224:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 172.67.161.55:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | 181.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | rr4---sn-q4flrnel.googlevideo.com | udp |
| US | 8.8.8.8:53 | 55.161.67.172.in-addr.arpa | udp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 233.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.233:443 | rr4---sn-q4flrnel.googlevideo.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 172.64.150.242:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 199.232.168.158:443 | video.twimg.com | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| FR | 216.58.201.110:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.168.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 54.87.226.161:443 | tracking.epicgames.com | tcp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.226.87.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| DE | 52.85.92.24:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 24.92.85.52.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| IE | 163.70.147.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 192.55.233.1:443 | tcp | |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| DE | 52.85.92.24:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 34.197.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Wo7ck94.exe
| MD5 | 5a8e94c0ddac554de280bbf40aa0cfeb |
| SHA1 | 3ddc83b35dfb482eeabbc1b71b6d1d74bfcd36c3 |
| SHA256 | 5e2a319a86c63eec391d510491fe8481a9073febdf7cdf6bfcf63fc83690733e |
| SHA512 | ed089a4f9ccc9bde7a3ee122c33308a997c0b53a6ac1edeb8a34e7ed67c54e6693329e6c19c36c9fb9d3a86d3aa524876b6e61338172cdd13062bb6a1a4e46ae |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1CL83uX8.exe
| MD5 | 329f3006f3d6b2f6ee7675f3fe41dfc9 |
| SHA1 | 9a7dc3b2a18a346f3f91075e64e02682a0629419 |
| SHA256 | 1d75ed25369ab7907ebfda19a9e2051592377154de6150a67b9feae3cc9d3560 |
| SHA512 | 126ee47e01908e5cd5a571988616a27f1915e7ca253722b0a12668ba71d1581e0aba9d4cf9b9d5a97cd823213950ce4fea26f262ccc5798666f292e9977b6043 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5990c020b2d5158c9e2f12f42d296465 |
| SHA1 | dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4 |
| SHA256 | 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643 |
| SHA512 | 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 208a234643c411e1b919e904ee20115e |
| SHA1 | 400b6e6860953f981bfe4716c345b797ed5b2b5b |
| SHA256 | af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458 |
| SHA512 | 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2 |
\??\pipe\LOCAL\crashpad_756_KMASEPOLILTNAXBQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2sX2253.exe
| MD5 | f8e7488fd4ced59d6eb387447bc37430 |
| SHA1 | 560ed0a592273875ae66a93efd611f76a9da7ee7 |
| SHA256 | 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347 |
| SHA512 | 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 232e31016b35ce7b156e0184ccf79cd7 |
| SHA1 | 59a9ed80c8cfdc1b99f73ea7942b1ad2691d73e6 |
| SHA256 | b3e2211fc3b1954c40e699756933b2a69cbc77c5705732c8d2a766d72d4a168d |
| SHA512 | 8cfe3f3fc367a0219fc1e5eb9f17391fbf599b00c7569d20edf347f2b3a60bf86f0f47ad37c9a55059f887c30d6e0e219da6ddd848efaf5b055553bb1ee6322a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fca6ccf9e693a8021d5d882b29779538 |
| SHA1 | 8755db3a76ff78ca064f9401f7072d7474853ead |
| SHA256 | 0b5a780c90d024383dbd242f6118d4e1629aa73d36c164707b936f69e663683c |
| SHA512 | 1dca47011a4fc91496767e862d7e6514c413aa01d5a1f6d3c0dae38ace3011045ac550fc3b1f45426c2a426137b26effc8d9f30679fc9740775706c89e0a3130 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 059ef96f736430d4ed40b63c455b8c0f |
| SHA1 | 45fe53a648d99b866378d3a2ee9448c6d63c4f43 |
| SHA256 | 6c7d0a07391e852da00c759e1bf5ebc6c83abed599d6d064bfa4ed4d894889a2 |
| SHA512 | a7fb640784e09f475644c550b35cd9831aa62eb9e3484e7326dc4f46a9d3a36d37a71496a11e4432050ab8aacfe5588c18783910d358efc095f34ab0a9e3a98d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | feca79c09d3ff3559048d3ebdbc0dee4 |
| SHA1 | 7febc516e1c22723df58c86ef7d636412c97387b |
| SHA256 | 0671ede1d414ce507667df0b98e3e7b3b0c71e6ea5f9a8b16939b37ff3115398 |
| SHA512 | eb1ade1c0ac4fd50ae2a14d7bb0d4ca2103e3880148bb68b4d0d52b3de0819100609c49a70430693edf3782dac96378941004f60b283ca29daba2ad0eef4d475 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 831bd07ec018f2509a23eaed08ec5159 |
| SHA1 | bf55a7089fcba00fa9270ea2d34764275de6ab81 |
| SHA256 | 6c41915a748af259adf4aecc34f8e91e0477c5bf32835221fd7c56755afb9d18 |
| SHA512 | 30ee78ec950b9b13a846515b5e4b3ed70e4d0997153516301e6375819dfae46fd6c2a04a3d557f64eea12b0b08ffaa37af80c580a193ff7f0fa2ae1eeee37f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\71ebcef1-09c4-49d6-a016-d20d0a2749b4.tmp
| MD5 | 8f92601ef1c1283d3e52ebe9d371550c |
| SHA1 | b651ab1033237723524a911e6d301b29ff40dead |
| SHA256 | dc575a9c18d51cfb866e583c55f2805e096b19c5730d38501e95c3dcb9fbaad9 |
| SHA512 | 8ab0f46a7ebaf446624193b473a06e8b50a510c64057724895ee6c7572c502626f1cd7a3ac6a3a141b1f11dcfe7f00e79fbd447d82016edf01635c7a37ac631f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ca42cfe16c50ec99328f8884a15c8da |
| SHA1 | 8980481dccde9eebb85a77333b9b50456066146e |
| SHA256 | 3c29aa95ee1a43bbe0401f7983ba784ec3ad2ecd15c02bbe482153458d5ca9de |
| SHA512 | 1ab9cc4f0da9d1044eec32133d0de61aba87ccfcb74f2e74398ffe6c4b802c36a7b0b8e8b8c0ed29f21069e048de3afc465a609db6234dcd32750632dbd73df3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70499985fdd381b613d51a44e67a11ce |
| SHA1 | 5bc4ea42a69a48734b207fda9039cb23e26de452 |
| SHA256 | f06fa549f675d61abf9625ce65cc4ad512e716cc5e32b244e71e422364f7c9c2 |
| SHA512 | 9b3d5a0ed9b49f98ff7ff45f4a128f243683e7d275574ead043e7bf142a756533a6b316e48a775a4e7c8ad17cffe70b5d9269df16e2786320cb00e5d29d50d7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f5e1aba3b9ccc954db480564094bc22 |
| SHA1 | d8b6b4da96ebdbf65d0bc2326c29af7a82e35683 |
| SHA256 | 57c1665f9deb08572efc1b2ab2dffad9083099b13d6c92bbbc8309e6e484a8f3 |
| SHA512 | bef018043c2f95bd73b40fe63577414064750b0bbbc5f182a5a1c57485fe7d14d21fd383d726fbc6db4522cb2f1b4dabb77b0f431a0768cde1524f32518cd6a3 |
memory/8056-285-0x0000000000A80000-0x0000000000B80000-memory.dmp
memory/8056-286-0x0000000000A00000-0x0000000000A7C000-memory.dmp
memory/8056-287-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3f04bb8f30f19b8d5c3e1da20373ba99 |
| SHA1 | 53b9d3e38a0e10c3f575c9ee6ea161d24905ee2b |
| SHA256 | 03c63e740480d77a82c4622f29f828c6479660a794f95b9ece51229220857dd4 |
| SHA512 | 40bbb70bc25ff36fb79eac343d35ee72c6846f78f3cd9d5d321ce31b8fa8e2a40587a8d2e9ad95b47d471b12aff592a6413493e9a02a3ccabe877296744e8dcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2e77472f1304e712d82b53aff25d14b2 |
| SHA1 | 2a6e211611d9a8a9bdd51c8ad6e5b372aa2e8801 |
| SHA256 | a68b9cce924b7d34beb63a0abe761351ce7721d41ac44238fdf3dcd96bdd66e2 |
| SHA512 | b2eea3654e61029b14ed7577afc8be69e615625ac832767ba7940942bc7a937dacf2bb9ef02415fa87d51eba992346b3ad155694ced49ecb0e1457a3da6aa567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a5c0be3da852e47f36df74b2cf1cf0ac |
| SHA1 | e63b389a6274c11c613dc5d8caaac0ad26626636 |
| SHA256 | 5b75ed570b9a97ac1f133222803b779504e54788c52e4b94243dc6553c4817c4 |
| SHA512 | a06f46f36e72d3ec8c2e84efac67f087e0b6b4e8973963065534d423194b0bdd26ed61a57cdfedc7cff9e223402c57f2c9ec43dd6bb6524f905986cb57639867 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ee7c9471143935651597c11b0da8d0db |
| SHA1 | 1c77138abba3bd47556cf66eae7bcf065d28e826 |
| SHA256 | 7c1be6b00394691507e092664f6a3d09b97cb00761d62f4b8f98273e11cd28a3 |
| SHA512 | f4a9762a2ec044e5360a910853e8c09e97f03af6d031f85a6b0fa079684e65aa07164a59b0d8ba6b4c25c5f232a48b6b2f0f52c0742371d9a4eab7eeb523a0b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/8056-341-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6644e15c3991a7d8c03eeae755c09cb6 |
| SHA1 | a1e01f4a65e7f3b0b0697f3d0a27f8239c313f76 |
| SHA256 | 972d10a47a67071285f0473e90c7cc2353ace7e71b14a88c44d93aff9b5ec25e |
| SHA512 | c083cf0b8ce1ec1bbf4f8c0a63c8253500ed0fe666376a9bfc47454b900a44209afe2f07e21d6d617e3e7e7d4e3a890ba54cf6392344dd95937d6b6889aeeb91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5a6206a3489650bf4a9c3ce44a428126 |
| SHA1 | 3137a909ef8b098687ec536c57caa1bacc77224b |
| SHA256 | 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28 |
| SHA512 | 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b0bd9769a49f4b7824050712553db6c0 |
| SHA1 | 29bbe6bb1f7c8b535f909206547238bcbc81f50d |
| SHA256 | ec9f29570f84e00c47d98bd745e985ecf3ef41501ee99bdf5a2583760edde8ec |
| SHA512 | a369e233f43c25da2e5b9c81ecfdbffbc9b668507e5dda6150c256b938a2596493f9b41662acd7088daaadb347a270d2440c5bedbee6e784b5bbe265b86d6fb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6e5941439551b824e6c6f04a0f8cb36 |
| SHA1 | 1a097d433e492ff8220bdba12d39f1b3ef33528b |
| SHA256 | 293e6c59c6bac953d7cf216feb3ad51fa2fa43fa5339669dcb352c119694b349 |
| SHA512 | 14c5c935cbb17931a48d6af4bb5add91cfcd635323cbeb41046a9fd43c6f8d62233142928268e3eebb68c9d9cae395ede5756fd6f8af7509293a27ba5f3674e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589621.TMP
| MD5 | 0900d81b47ac96719c3d71cb6a0b289d |
| SHA1 | 6c44d3f4ff356821a930bc88329cd450748b1848 |
| SHA256 | 4e3d0153c6dacc3d516afacaeddd3d11d8bd534b38fdc2f16bac53eb0a97d7ad |
| SHA512 | 5395c6e8b9a0027a2ac29096a28ac5a5028c4fa09df9587e933d43e4b9c1a368176ef53a934fe2dca0ebc28309e8b6b27840afbc17f54e7c698f6d16f66aed65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45c3b4698abe3c199b5964d73b591734 |
| SHA1 | 10e36dcf58a869a25de9f791f148b0e54e974e89 |
| SHA256 | d97ddb1dd9944634e77c9b7edef2af6ddc2cde7669576bd6707daf0ecc2f0b90 |
| SHA512 | 1c422c57b62e193dabaff9c59075c29a64cae4c5c77623f5c764dc1fbc75074f1ad713b9b29cf93132d4a5fb491c10d44584f49f27a08cf52ac2acd81580e23c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a36f.TMP
| MD5 | 59a844b5bc3093da527a7c386313db95 |
| SHA1 | 3547f6db4755197b91d4f7d275626334dbad27f5 |
| SHA256 | 513765368353a9b751133ed7b6fbcf3085773fbd04e97aad6164318a4b87ff07 |
| SHA512 | 861b5e4ae29311bfcdbc5e8245d22ba9e9aa347912a15fed8da9d19a0d12362e45b36c2dfc101e24106e50aa7e99cb06862147dcadd6292ab9f10d38441d93a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0efbc78e17ac05e5496e3fc0d39196be |
| SHA1 | 3ab7c184dcbe213430d068f7a9e7b34cc3d32cdc |
| SHA256 | 7121bae0928d32df8f374cb484d16beffbfd21b695381561067a77d89fcea665 |
| SHA512 | 5fb85090bbe4175b0eb10fd40a602d241f8a4f5b24892d18c70f89accb6067b013fdf52ff3f4f233831ec48fcf78d0c74a30b4076e69d44a527f77150d073bca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32ec3a2a-48c5-42bc-80f7-b6e61d8d7b95\index-dir\the-real-index~RFe58b61c.TMP
| MD5 | f420b8a5a888621bacab6d529c805d5f |
| SHA1 | cb11016aac2f1e2c86e6d56dc546e02f031226d3 |
| SHA256 | b57a41f1a566d8a49f791e92a032523af924a14e92cc7b8bd028bc6bbd58f158 |
| SHA512 | 01eec1e37ededc7f693dc50702bea9f605d22ecbb32f4ece527195b5476df2c35d8a19ec05f1d9e0b6a09dad1ffba6dadba5eb307f98ca480cde4edb784de47d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32ec3a2a-48c5-42bc-80f7-b6e61d8d7b95\index-dir\the-real-index
| MD5 | 1e570d090f8131e091b892699db5fcc5 |
| SHA1 | 8631ae6011b534621594c7b040cf34f34a772f39 |
| SHA256 | a3105543af0e6163e961a7f6c93e1af2b7c5e62f18e9c1797b0f8f41eb897966 |
| SHA512 | 43073d684f3998b2fbaad917eda3b53bc421ff3ac06ab469979d1670b5e25607f133e1f3f5f56354369561aa359544725357d649285e17d41163ae40c07b6bcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 489d13682fa0ba5d14306f310c8cee9c |
| SHA1 | 3e473dc5e9b89c5ed5bca154fc061580ce10d59b |
| SHA256 | 1007fdf05f2547cdd96581010eac21fcc87718a490e3baba97f7676de2e9b04f |
| SHA512 | cea2390da1c582917a386020bc3d59c442a5538dbdebdfd161659e703b36cac02ba66b9cc943c92cd010694fd9c63398eb556a2bfb5a49696ca74fa8c2e5bcc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 569038ce2c7a181f0f00f547eab6f583 |
| SHA1 | ea1179d149521330d39b5b6b32db3141ed660a14 |
| SHA256 | f12c4b481d276f7b55c35b481814e44f2f46cf1effbe2f78ec052ff3b1d5e33a |
| SHA512 | 325a83dbdea226f019c31f51736683e3f029e9de2b128d34aeb5ebcc1918493bff0bcc15ce67466bac2abea7e01ea319207b382367d983d8780393bbca7161e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7ddf1ff601f645f0d5c0884c45f9cc45 |
| SHA1 | 869d76043cc36aca4ef018738fbf408264c02d30 |
| SHA256 | ad12a1476b8101192bb6123178bd9715a96f7527e44354d48768f383381436b1 |
| SHA512 | 5f7b3d6137aca08d9e0f5e6f6c03bbf41775e4e9534f7d501e1870a451db3cb2f3b93da3f5effaf2860df44b0c1d985efdf5340d00b08dbd3c1815c640fd1990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1509d52c9099badb68934311961c19a1 |
| SHA1 | fc6c89b28d36fdad287c5162644c5e5a9cf8c4ab |
| SHA256 | d81018918c86422ddf7808ddf307b5443fb8b363d9610ec968e2de411cd29693 |
| SHA512 | 792fc9764fce96291474f4f6a093dc6b0dc337fb3f6df5d44ee6c4c60e944e0d63b42cffe69282ab6d18b7d3abd82b3b3ff78d286964704176b29248706b1b95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 950b8318c3e66c1f6f0630ebf0c98efb |
| SHA1 | d6f6cdf59a965c01cddc0b1bf849443f02c4e4ab |
| SHA256 | 32d02926eef2a6d7395ffabf0445fb8f892f7746e2651c1f1bb288b296ed59d3 |
| SHA512 | 253bd366f6a652e468e278b1bc4e665a18b231810be8ad0c9540fb85a420dc05bbd12d90a6c68d0c91c2d91d84226958d442e7e10dcc8007e9e925f4fb63b231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 291817a00bcb11d602f2ff0c1b66a355 |
| SHA1 | 09283fecbcc4ab7597326290c567695599d0fbde |
| SHA256 | 06a7172792bbf08106c760a05d1667a87baf79b31fbd696d6963173c5094539e |
| SHA512 | 598a301afd17fe3a12e1e2f5e112eb84f31ee2a173c0b2904cfeb7345090bc5d32cd6703355df77d686038a94c865bb24fc5f9f4a69a016a328a4b2372e4d705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9456403a0b718a26ef9c81e63dbc2300 |
| SHA1 | e6c9a7033686fbd77a37773f8d2e79ac8bf8229f |
| SHA256 | cd962cb5720db4c95cb191ebc5b3b6283a06633a4e7ff304bf108218172ef3fe |
| SHA512 | 51157b6fec2cab368c64f6d9a10bb938136b8bdcc1817de92299ebf0eb49a6f210c587399b797f9b72f3aac7d056fe4edf0c3729ac28ca88df842b0befccbe35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 924399d4249a70f5e01710e1022d9240 |
| SHA1 | bf9541326f2232d5b89c5324b244126f178d2d65 |
| SHA256 | 1c71b0c739854fa1b6cf6227f18d221e63b16e30dffc9f61615eec5a3dfff566 |
| SHA512 | 302aa290f376233ae6644531e5af397456580b338d1b126cda6e10b68afae9aa489e9304093dfe4eaa1ca378e7f899b77923d9042c5f59ebaa1ffbe1e61e4436 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38303d72e831367b4e3eb33f4fe1d8ca |
| SHA1 | dc94fec56321193e603fefb17904c6780acd3d00 |
| SHA256 | 5215fb44fafb58cda57116704d59ae882a95b3c75e9268ab76b47806a8e2cf01 |
| SHA512 | 59147a9c116d16168fe035a7522bae0a52a643f2e189e6551297a453a32fc08a9857464f99bd5c99deab83e9f2fd727bacc124d79708bde91fe8453047295e5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ace74df7459e05c3734fdadab3b01cda |
| SHA1 | 35cb9445748d47c2f25f92d507df1aaff7c230da |
| SHA256 | 091e06054639991c9042420273713a85fb7061e4cb333ac08b926106a8dbdd49 |
| SHA512 | b74558492c4ee3a1b3a893ddefe5d5077251427a34d24b1bf8e1502e1c719cbc1c24d98869e136e842c5127db8443f7907f5e6f2cfa57bc72f906dea8ad4c873 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7397d91a1d870c157040f9ce5215736c |
| SHA1 | c9a821e68b52ab3a448c0c612cfb6e4309f02046 |
| SHA256 | df9b26ec0c585a283e5799c7d57bb8f2facf0bb1ee0bc0cb59e99a06d95961e0 |
| SHA512 | 90363f2f043c5e79fa16e10c3ae066b37cf33e6efda184c69b5cf6cd350e2dce9c330bc5f8a32ceaebfe764ab253bba08c4ac0576ae126d984a42b08ddbbd706 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | eb5b39a406f242b702c708b0bd05e8b9 |
| SHA1 | 29968be6073f952bbb0a7103fa534c8d6b3c81d5 |
| SHA256 | f19a58d2911c0e593d97f0dbd4062fe4d4733a843e72fe6b8d671fd85ec831ad |
| SHA512 | da3d9e92cc365a64536fa222d7eb67c9e541e26e130a4bad3986ac9b39fcec00ba91a1581087262fb4b4716a7fc5e2173e049c384eb5c310ffec8e0d45cfee81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | f932d9768bbfb343aa3ebd4241555f09 |
| SHA1 | 7725217346004468af5bf9c5623fcfc597190cb7 |
| SHA256 | 8ab74c52c4e2c64893db6e690c79c365d60f02dec39f0f6006364f55a12c2152 |
| SHA512 | baed952f91543f5aa6902ecc36afa740e632095658380fb26368a3b94a4bc4c73cf3c0939cfaa1731555ae37277b9f03cab4177ba8478fc0be05a2a3d610e037 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d77b25233e52d498559308729186ee3 |
| SHA1 | 6d758dc92856ee3aaa675f12c0880250b97fe726 |
| SHA256 | a7e8340f1fd3c4f0363d2d16af4259172670a1b6fccb05e86f63b0a046018fbf |
| SHA512 | 6c1d1e90fa141d9acbd57d3d20c4196bd990cba05c750d7d06bea716a6f515a88f78cb043715cd09ee668843883f16e506739325c7be40b9982e786ea019b78d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c871baa0-1d13-4eae-839d-9a030ab7fc73\index-dir\the-real-index~RFe59d1dd.TMP
| MD5 | 950afd5cf2ebf18392634e9291a74af7 |
| SHA1 | 5ebe1e20e5cf8d7e956da4da6fdea861eba3e37b |
| SHA256 | f08cacf59515e738964240893c565f65089a1dcaa990a370db33310ee0bc5f31 |
| SHA512 | e6c6d4ff57856cad86c338f5e3a388cbdc553ab615d940368d8e312871f79d001840ffec536348bc7f6e94f6e092ba0049fbd4b1e0ee89bd88306ea2abba8097 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c871baa0-1d13-4eae-839d-9a030ab7fc73\index-dir\the-real-index
| MD5 | 6fb3bb21cecc8ce219b71394db608825 |
| SHA1 | 618072b87046cae17510877655f710315aef9412 |
| SHA256 | 2520aa6286db49e2697add9908d8e2997bc10bdd9437349df6720a443e9363e2 |
| SHA512 | 959d2ef5f62dd4623b76d3224aa18b3eacd313d40ca9ec32623d2c22fea454643c4af13de2facbc4358c029264b6a8edf8ebdf43f8cf1a457c3e54470631ffbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 3c8634026388e45b47eab8a0cf79949c |
| SHA1 | 707a9c6c436e16fde1f4bc98813b70a479786e3d |
| SHA256 | 36b60c48e7d5cf9bcc0ced7f3564ec05738d226cfc8808ad29e7fe7f500d09eb |
| SHA512 | bc23ba7da93a35cd86e6dc810237837ff5aacfc8d55bd40f722f170dccf4da8c9aa2259ed24c00a835f428f7187c78e8844e78dcd648920b98c58f24b7c2f12a |