Malware Analysis Report

2025-01-02 03:50

Sample ID: 231213-pk26dacehn
Target: 4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647
SHA256: 4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647
Tags: lumma privateloader risepro paypal loader persistence phishing stealer
Score: 10/10

Analysis Overview

score
10/10

SHA256

4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647

Threat Level: Known bad

The file 4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647 was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal loader persistence phishing stealer

RisePro

PrivateLoader

Lumma Stealer

Detect Lumma Stealer payload V4

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-13 12:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 12:24

Reported

2023-12-13 12:26

Platform

win10v2004-20231127-en

Max time kernel

152s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 484 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe
PID 1248 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe
PID 1556 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5000 wrote to memory of 3904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3376 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 668 wrote to memory of 2600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 824 wrote to memory of 2740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1484 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 3352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2592 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1248 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe
PID 1204 wrote to memory of 5704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe

"C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x120,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4260 -ip 4260

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 608

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6000 -ip 6000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 1064

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe

MD5 5bceb29dca11f268a2e0b269840a99ee
SHA1 4965f02ace233480c6d29f55f4bdc82d35f49427
SHA256 cea1a8b113919127f8d2265ec4c50a3bbd75ee4fcf9841bf56064363ca124b34
SHA512 6ef8526fecbd48d4f90ecac0fb338bf0e56eb78e0c806459295f0cf00648bcc29f39dab99da24ebdf82f2162bc1c72f2874efb9eec7ae0e3d8262439e31f834a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe

MD5 9517ea30f72e8083489d64e385505868
SHA1 c450725af575c56405fdbf91a8445b8f71db5656
SHA256 7e85e2d8f4d61d46b08a0d6f0fc9bc2c1eae5e19abdb9d2e0931d382f200c0a7
SHA512 bff006bc917c78d6ea454eb7f8fc9b1748a9125b6983e48199b8d378cc639ae31f85ed8a3b497a6ff4ab135a86392647247ee1232c4f52cb4087c0ca584335a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5990c020b2d5158c9e2f12f42d296465
SHA1 dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
SHA256 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
SHA512 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 208a234643c411e1b919e904ee20115e
SHA1 400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256 af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA512 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe

MD5 f8e7488fd4ced59d6eb387447bc37430
SHA1 560ed0a592273875ae66a93efd611f76a9da7ee7
SHA256 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347
SHA512 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2

\??\pipe\LOCAL\crashpad_668_SPZSAKRYINUJFMAO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce67806c08111188b7424dc998d083f2
SHA1 4e2cf698868c2e025c0b61df4a8e7668597b8d50
SHA256 b7478184b076cde9e511ae4d59e2d08171bd94a7910fca3c002d21c2f2cf486c
SHA512 dc31fa08e04fbe7c166e87804be490f06bb3ac8e41e8a87caf61f594b92fc47b8e3bc51b24fd024bbdc5ac26cc0b2c64fa7398e98ad9945581c5792b50b9f33f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b6ae0e62-aa66-4e44-990f-269168a54a61.tmp

MD5 abe3a9980a671fe97b457e5d6b8ec349
SHA1 ab8a27a9cde410669b67e1813a01f14490cc2469
SHA256 f47e9a475288cbd9c18d7d28fe2a002297e7e13eded6e084db27419e9b009926
SHA512 2a63680ab2cf7f3263977b3aa636efcd1e8cfae3baaca48879d448aeabe286e20c0b2b69efcdb7d60a40f81c5bcde48c5feb0ce498b8b269857d1276fc9d28fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c14d9aea-739d-4fd7-8143-6db3aa897a68.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be42d687-e405-404a-a003-a181c087c169.tmp

memory/6000-334-0x0000000000A00000-0x0000000000B00000-memory.dmp

memory/6000-335-0x00000000024F0000-0x000000000256C000-memory.dmp

memory/6000-336-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/6000-365-0x0000000000400000-0x0000000000892000-memory.dmp

memory/6000-366-0x00000000024F0000-0x000000000256C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bf63.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598301.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e2715a6-d982-47d8-9719-87a6221158b8\index-dir\the-real-index~RFe59f37e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e2715a6-d982-47d8-9719-87a6221158b8\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
