Analysis Overview
SHA256
4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647
Threat Level: Known bad
The file 4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647 was found to be: Known bad.
Malicious Activity Summary
RisePro
PrivateLoader
Lumma Stealer
Detect Lumma Stealer payload V4
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 12:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 12:24
Reported
2023-12-13 12:26
Platform
win10v2004-20231127-en
Max time kernel
152s
Max time network
156s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RisePro
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe
"C:\Users\Admin\AppData\Local\Temp\4fde9c840e9036098cad6fc7786c67f2b5afdb2bf79f326691ddd945402e7647.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x120,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe789446f8,0x7ffe78944708,0x7ffe78944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4260 -ip 4260
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2072254818956727065,8448896810877648310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9942060953766167493,9971561707295730080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9942060953766167493,9971561707295730080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16224087209975508285,10883444996333298007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16224087209975508285,10883444996333298007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,402219342939148483,13106873279760835238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2072254818956727065,8448896810877648310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,402219342939148483,13106873279760835238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13911673262306400219,6630831054126532795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13911673262306400219,6630831054126532795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,325644188836619972,3852185474426871924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,325644188836619972,3852185474426871924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,11636644674430059035,12966641807602329436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1520,11636644674430059035,12966641807602329436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11003232817263254981,5325121712184170056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1420,1443610852333350980,16016008659145242521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy6yV36.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6000 -ip 6000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 1064
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8540405504137921047,13769414938220773800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 2.17.5.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 46.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 52.206.110.145:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.110.206.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.242.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 104.21.80.57:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.21.87.137:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | 57.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 172.67.183.217:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 188.114.96.2:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | 217.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 104.18.37.14:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| GB | 199.232.56.158:443 | video.twimg.com | tcp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 14.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 18.172.242.107:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.172.242.107:443 | static-assets-prod.unrealengine.com | tcp |
| US | 52.203.30.102:443 | tracking.epicgames.com | tcp |
| US | 8.8.8.8:53 | 102.30.203.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.242.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 220.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 18.172.242.107:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | rr4---sn-q4flrnes.googlevideo.com | udp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 169.191.194.173.in-addr.arpa | udp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.169:443 | rr4---sn-q4flrnes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vj2gy27.exe
| MD5 | 5bceb29dca11f268a2e0b269840a99ee |
| SHA1 | 4965f02ace233480c6d29f55f4bdc82d35f49427 |
| SHA256 | cea1a8b113919127f8d2265ec4c50a3bbd75ee4fcf9841bf56064363ca124b34 |
| SHA512 | 6ef8526fecbd48d4f90ecac0fb338bf0e56eb78e0c806459295f0cf00648bcc29f39dab99da24ebdf82f2162bc1c72f2874efb9eec7ae0e3d8262439e31f834a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1rC71oL2.exe
| MD5 | 9517ea30f72e8083489d64e385505868 |
| SHA1 | c450725af575c56405fdbf91a8445b8f71db5656 |
| SHA256 | 7e85e2d8f4d61d46b08a0d6f0fc9bc2c1eae5e19abdb9d2e0931d382f200c0a7 |
| SHA512 | bff006bc917c78d6ea454eb7f8fc9b1748a9125b6983e48199b8d378cc639ae31f85ed8a3b497a6ff4ab135a86392647247ee1232c4f52cb4087c0ca584335a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5990c020b2d5158c9e2f12f42d296465 |
| SHA1 | dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4 |
| SHA256 | 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643 |
| SHA512 | 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 208a234643c411e1b919e904ee20115e |
| SHA1 | 400b6e6860953f981bfe4716c345b797ed5b2b5b |
| SHA256 | af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458 |
| SHA512 | 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JM0012.exe
| MD5 | f8e7488fd4ced59d6eb387447bc37430 |
| SHA1 | 560ed0a592273875ae66a93efd611f76a9da7ee7 |
| SHA256 | 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347 |
| SHA512 | 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2 |
\??\pipe\LOCAL\crashpad_668_SPZSAKRYINUJFMAO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ce67806c08111188b7424dc998d083f2 |
| SHA1 | 4e2cf698868c2e025c0b61df4a8e7668597b8d50 |
| SHA256 | b7478184b076cde9e511ae4d59e2d08171bd94a7910fca3c002d21c2f2cf486c |
| SHA512 | dc31fa08e04fbe7c166e87804be490f06bb3ac8e41e8a87caf61f594b92fc47b8e3bc51b24fd024bbdc5ac26cc0b2c64fa7398e98ad9945581c5792b50b9f33f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b6ae0e62-aa66-4e44-990f-269168a54a61.tmp
| MD5 | abe3a9980a671fe97b457e5d6b8ec349 |
| SHA1 | ab8a27a9cde410669b67e1813a01f14490cc2469 |
| SHA256 | f47e9a475288cbd9c18d7d28fe2a002297e7e13eded6e084db27419e9b009926 |
| SHA512 | 2a63680ab2cf7f3263977b3aa636efcd1e8cfae3baaca48879d448aeabe286e20c0b2b69efcdb7d60a40f81c5bcde48c5feb0ce498b8b269857d1276fc9d28fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b1c82950f810e17a91383542694dd4a |
| SHA1 | 0626fc6a253dc5d5ed03cc2b21cc7e1e6c93bfdf |
| SHA256 | b5bd4a666b080c3c1c70cfca40830c5f6eca46525a43422da8421d0a72778868 |
| SHA512 | 1515b6d5d9e62d8a7a9bd09ef91b1276c903094d901d633c8023574cced5ea9e8ba00fb88d4d03041adc3fe43d466599d82bc53658ef8e00183cf396e7501b8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32aa6abae172eda06c1a3ecffe3beedc |
| SHA1 | a4b32acf341fe5cd7b3118331cb8bafc8f40fc9d |
| SHA256 | 2adc288e24b56296912c969ab42a768ec8bad59fe1e9c4c4e469b09227c0ba98 |
| SHA512 | fe9cca78a9437d27d54740eaec3bc6619892a535169561f23cc70f091b0c93d64fdee54ee13bc5de4adbb639db79043e1bc0d4674496e81398942a997ab88d48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c14d9aea-739d-4fd7-8143-6db3aa897a68.tmp
| MD5 | cbe5bdfdb4b4a7f6610b0b69b35db167 |
| SHA1 | 3eb86345451865ec483b8884e1ac7175fe14927f |
| SHA256 | 4a889bdabb3361a8fa225010af3ee22e8c1eb129a6a0b4707f14587a0dca1a40 |
| SHA512 | e938f7201f6847a648589cb65cc37dd7a0d3fa4879c6fe3530bb9a9c0a99c0e94b4abd393e60935d2fd667e9f8c9bc841add6d49874b082d2c896474dde81dce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4dd740097b4a83caf19f49f9fc68806a |
| SHA1 | ccb8844ccfe4e3cfe68b8764158b7374dd1d0e46 |
| SHA256 | f09c83063a3b444dcd8bcd1b83573c9ff9c1a0bdd7564b32edf8ff0d9f4f35ab |
| SHA512 | cf4248cce1d29b78571f7bc92e20a45ec9f64fd4384050310c92d6f6b18079650572b507682787783720cdfdca8f046d84400b38a7a7caa90a8adb99f28d3652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60f88b631f1f1f9ef4211ee269883b51 |
| SHA1 | cc4b369e830a99cf978e8d7b28ad3492f357b5ba |
| SHA256 | cef42f5fb645521319395be7911bb6f5fb27dc76a5a7b51af68044c50de89252 |
| SHA512 | 1f08b0f9afc1f46d017b6681a2634ae8ca0a792f1a166c6543ee0a582f2324ec36fba54aacd2cefeaba7b3a353b7125eb42cef97b54092c227df0a874b196282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 68f08ec59cfe93f9998375943ac65d95 |
| SHA1 | 83d4561d32b4502f5899f544e543c603d6a98945 |
| SHA256 | bbff534c5c65f8018dfd9dd24bdd5e3fc6f35f8d94ae412975fe0582ceede773 |
| SHA512 | e1a58ee77399afc47a54f755a5ba8cb63797745ec4264f9055ef8b30cfa2355f084003a6cad105f346fa530233d635e3fb4d3ad442b4b5bbc8a793c3e44e01a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4803ef3ea7f119719a28e9fe93ef5e9c |
| SHA1 | 60ee9ad98e60cc897584ca291e3c3072f8c92dbc |
| SHA256 | 62425f8b77712052ff70ec727c0226606f579aa117b292a24a7d1c056b368c24 |
| SHA512 | 22a5330fa6bbc3e824186db12128a929c35d4b79a5ec9ce65ecf849e16632d5451f8e1078965000d80ad6ab15d4ab19eb2d5dd3657fcad159225d5365157455d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be42d687-e405-404a-a003-a181c087c169.tmp
| MD5 | 205ec2f766c222b1f02e971896850e18 |
| SHA1 | ac9c88ad3b9aa430344cbfce522fc74cbd7b0b70 |
| SHA256 | 6ae33e34e011064621a1dc0b6a3b48e1dc1c7d27e82c37836a4a0268f7d6cccd |
| SHA512 | 713177d48f79678e4e256519c41120c8ebc9bccb5f784ce193b5e307dfb0fc55250e6ac2ee0c479d71cb669cea3a64089cb41e42f6b358180998cdf72fdf8d3a |
memory/6000-334-0x0000000000A00000-0x0000000000B00000-memory.dmp
memory/6000-335-0x00000000024F0000-0x000000000256C000-memory.dmp
memory/6000-336-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e8ecf66dfe4647a5435ad110ae21f8f6 |
| SHA1 | 8363d627f4fc4d62d6bf03a3ac34ac65d5b4b30c |
| SHA256 | 0ea9a1cc6e5b44d3bf8c511648d3bee4aff8804e16bf49bf6b7b7a2df20ada0c |
| SHA512 | 6399810528367a01938354ebae98f24506b6742f07d329d75b4545dddc43ab4dea6a1095a7136e44ae7e3b560d18951f804e15e8d1701e373cdcccd04bc38440 |
memory/6000-365-0x0000000000400000-0x0000000000892000-memory.dmp
memory/6000-366-0x00000000024F0000-0x000000000256C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a67e390933b968e3abbe288a60b9411 |
| SHA1 | c01263aa809a66611e01c01253aa75a3811b87af |
| SHA256 | b97d39b84f6824a813e87c993544e0622b7237f7295f4da1c2cf306ee3a2faa5 |
| SHA512 | d2884938719126fe147b08f5e7281d6bcc7124861259198ff1f1c6d528ef61d307b0947aabf6ba533e30da4c6f80958f76d28eaaa95e9d2226d57789871738a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5a6206a3489650bf4a9c3ce44a428126 |
| SHA1 | 3137a909ef8b098687ec536c57caa1bacc77224b |
| SHA256 | 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28 |
| SHA512 | 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f145c2082b92b560b7694f407eee69ca |
| SHA1 | 3e46237ecba9c8759aeae88ac7ddcc8794335e65 |
| SHA256 | 123d601c71b4115bc1f8b93c74d99e7773ea22bf7217fa375605f3e9916fd321 |
| SHA512 | 0a0a8997fc12ca5751a652509a74e7c90faf7716c03c41bc1d575751bf9c05456eb36df0f63f264c0ffe590ef488942bfe9b338c44b6beda2794ed7d4b45365a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 172d1cdb29178fa8c792237786db14fb |
| SHA1 | 066bdd7b0e347069a55a033a290083372ad44176 |
| SHA256 | 2f41423f4d6ba504a0f0fb4ea57762a49a982494f9a5265f0f8bb887e631a8be |
| SHA512 | 2f0ecd4cfee9bb3d2f925f774cf0dc157dda11c6f6f0bc492637816d2b20fc2dcc90c1789e9c6cf683bb0dc582a7be8a0528a5829773e07671ec29deddc7aa14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bf63.TMP
| MD5 | 47c311507fd7b8e1115bd59c6e413ca2 |
| SHA1 | 17a592d94bcdd6c348006c1e807370c854dd5fff |
| SHA256 | 750c37ec5e6f55263a5cdde5f4fda29cf65fc3f2b60e41e381c9c3361ea4b4d2 |
| SHA512 | cba75d98475fd44b093d6b1a7cb8c97003fb15b214895799fda3c6ed608a498e33066e68fb9895595320851f65b1e3bfb7cd40d68e0cbb34e6956206d20473db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad7044f875ff7c0c6616a73ae5bc6eb6 |
| SHA1 | bd3be93a221d1720ca91837d2a77637f05890ab2 |
| SHA256 | ff591c6e8f0c73064866763465f2851d5bba15ed4c9d4375cf19dcb942c6282d |
| SHA512 | 68fcef89db0e958b6f0af8e69f1d8ec4838fc0d7b7232b318d05b83e3715b1f83140dd095365a0a3778eb4937e2cf34956d6033c4cc255799ca8045af6078723 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b368be75326e710dd1839ae644aa65e |
| SHA1 | f78a977b510a48f29acc28eb9085c2bdd90b4e07 |
| SHA256 | 89c3709ab23b264e651108458cf60d8fa09e88f6ffae28db987200d26afa9b4e |
| SHA512 | fc13097f963bafc9f73acd5ce66a9a6d92f93cd83be44970c76d8b6fc0ac9f674dda49d65343c8873ab7f51a29b82c2a8836ecf078757292eeec39d5615580e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 452426a1d966248314a99b3c2f462ea1 |
| SHA1 | 5ff652a49cab45b9d370c69d8ecca46a9eba9354 |
| SHA256 | 499cb1797a7efb39e82217842c4c22318723a2a537746afec877d851ab4eccf9 |
| SHA512 | 236f70f38996bf76f98ba2b43021b80eef65d1fcad26be29dc617be18c65798f50c23aca228d2a3267ab95cfebe67d336972ecaf6da3bc6b94f2e7c436d79e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed939d7135b184d53d8189a65d3d6ffc |
| SHA1 | b357d73e7e15faa658f28f3f67b4f6b241c788fd |
| SHA256 | deb7d3999e851a019917a40c4f41834c7f5e366ceca9f6227bd2f35330248884 |
| SHA512 | 247421b8704b2e6f25796454b9ca9959486e934c2ee1821e13f28f1234f683e43912540fea90614310d205195ef9e3fd9ba39b3798c98a681e259b5dd23da6a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 806df4cac0d7990d72a5d535c8faa2d3 |
| SHA1 | 722145424d98b8bbd6bb08fb539c4c45ebafafb8 |
| SHA256 | c328dd1e74eeb9c2071b72b58a717d4967065dd8fcedcb030ae00ede9ba1b1d7 |
| SHA512 | f770a30ca57cd3642265c6ee1308b7bf88e18e0553d2afbf1efc4467e449d60d231e844f07024edc9f3f06218d70f18adf0644791638cea1c01487dca1410445 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 6de854749eecea8517d84f585b5d7302 |
| SHA1 | 266f330a948637cfe7d3376dcfebf3ad371fbaa0 |
| SHA256 | 32f28ae817614e694dc670ca464eda160b27a9864b75c1cbe6662a4f9cbdfd7e |
| SHA512 | a8e3115ab787d3d9ffbed13f3a6a086a9cc7ee07a4cfeeebba53c54cef0c64504d581dd0250ebf37a76af917a72641fe310fc88f97a09321f7be82fba5ecd7d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 83436693de2e136da59d03490e91c60c |
| SHA1 | 0943b5599641caa3561989251498598f9ff1fd52 |
| SHA256 | 1d58cc733b384e535e1af4d610c33537159e93bf318c90cd4109261541680c8f |
| SHA512 | 023c9ccb52292f49b55eedffcdc682f2e35918288518cbe076790d47156e7188f3df03d2056c5d7f173c4e2b1fe8a777b43d8a07f1be01f2af6082015642910e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 76f022f910dc6d30653b578cfc886082 |
| SHA1 | 1043a88392bdefa923c69c1fc8f73bc01106365d |
| SHA256 | b060b3ee500ca9ffaeef5f954cc2b6105dba47579dac6527565898b690830e56 |
| SHA512 | e320eac76e369d34024bee5256e245b5e8a6b21853f03335111f957cf31421bbf5054a2b8893736d2b8fba614d99b8a25945c6d6ce6fd03f4d220bd05ecda8c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a84f6048e20fd801670b563bcd33cd9b |
| SHA1 | 3a4023b53ee96d5d7ed1d6ce324b42e6de7a83b2 |
| SHA256 | c434436770f9f0baef1d9b4fb81e9d48b663e242c7df78349370512c9dd638a2 |
| SHA512 | 17eae0f466cf385ff9e0a1234b1aea88b38c1949e40fef8228f96866a3027fe5e165a2f48641b47bf72dd4a84182db5697318cb57620f2936c8bf56a917672d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 802b6012a02c1cc337e576a5e0257ead |
| SHA1 | af084d84ee0be334a78c0a23f2bcadbffef3a287 |
| SHA256 | d6c607098107da63e8a9c63c89accf189f737d2c67dcd8b69ff316305f60ebd1 |
| SHA512 | 71bbfce562ffee34beb14ff2ae0cd756c50340c7d3db0d30be9d72ab577c89675d7e689e609e086a0928dddad43dc44aa01de4a8ca95a98b9382a716dd39adb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f9d306534f551ba4354efc30be47ce9b |
| SHA1 | f52351c73cc210e8192eedf2d43084cfae4d1328 |
| SHA256 | 44cf015952e313c898b2d9db63c49cea03db3e1ba2e0fb1990f477664f480ad5 |
| SHA512 | 1ac5053105119a743d483f29001e23b4f388df3cf0ee9a6de97d543934428e7a813eddfac97670e7d62f8bc761e01d0898da4097409b5c29550fac262299ded8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598301.TMP
| MD5 | dcc505ed9d36009a14e8a23cdf80a5b1 |
| SHA1 | 177e2e572feadff788b50c87105607b8dff3b594 |
| SHA256 | 5e16638c38ecfd3580d8129e7c807c7412a68c5cf2f7ad6244f6863702736435 |
| SHA512 | 97f912c7150662bb3ed8f20fa0ce13499dae4b65590a8c4ffbeb2655f8a0382dbb7484e1dd08f5480eeaa5e5d1cd5b5bea97a52d81b0599d9d24725828a56b1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d24eda6d0808c68c79fc49c5cc62ed0 |
| SHA1 | 687765610cb318b31113533d5d3fb881966e3dcb |
| SHA256 | 0def3a1665bdc859f0f12306bdddabd0d0bca767ee303de0195d674f8cbe8f4f |
| SHA512 | bdcee5337701fb351000f73b5ecd486556562478c0efb2827986d8ae7094f7c193aa7b1806817b6804c9ae3307b8e3c62ea8c2073ad18e83a0e7eaccf6040597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f6c1c5fa87e83f9cb2439e6782b86631 |
| SHA1 | d00da40e98d52ac4f9844508eb8e7c36140655e5 |
| SHA256 | 433031fd0f39629e3883fa4da3b06476a081968fea253fdb43903d1c47f6a353 |
| SHA512 | 9163f834242b83689537e87441de4b5c399c78a0aac27e4873f7aad295e93d5d87cf062d715d16f3d707f1bd7731e2e4357ca6bfd3b5a1f2d4b2c8af10335626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e307bbee5295e7ee75404a5d9811325d |
| SHA1 | 1bc5b9da600123faf33a1f7cb07be01ac040d2ea |
| SHA256 | c271a2d2d234815bd1cf765f3f3e2ebf99e6cae4c7961335b66cab62ef4fb55f |
| SHA512 | db22bc6d5e1bd3dfbc5aaa21966097c4fb3d6a1bb1b4363e6bfbc4468a78ef55941e2d0576bb84756506febe9e5b6ddd7ebdb3358e38e1f9db42427691b82e46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d9042d035d913299d069f37b08c2ea7 |
| SHA1 | 7177e67bc4a84cd1885272b15e6df3e783590cce |
| SHA256 | c01bae00f2692b640252e43810da199a11d290eb4c5e74fb244a1a17a6acc914 |
| SHA512 | 50053ba4ff91cff0302eb11d98f1979f6a13a89834ecaef38489e3e15089655898df66bad6d0774380d5c98ec5b426be1820c7fd625f39b325e538df0225dda0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 214263662661f65d6c0a75b0f648ecb0 |
| SHA1 | 8fe8d401149e7438f29ee458bebf92e8a338c227 |
| SHA256 | 4110b7fd716543bac4c85a4f545fe548ea96de5d9aa4043ad01d86a3fbd721e3 |
| SHA512 | 88b6c28f72a58718fbb9e0ea065b84514356c7920fd33b67fa7477dfafdc392d0ade2dd2b7be8c2810c5ac603abf3db149159a8ce6f5e63d9b6e397677a346a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e2715a6-d982-47d8-9719-87a6221158b8\index-dir\the-real-index~RFe59f37e.TMP
| MD5 | d22533f6ccb9c200b95b9c2a2aeec00a |
| SHA1 | 24a97da4115a1aa96fbc4b639c3ec1f2033b891e |
| SHA256 | 9a42ba7d9b2b4ff01f73f8ec279bebc8d02c6cd51a4f648146e378b53993c44b |
| SHA512 | 9945e6cd7f58742588c23438bd8d4a54b54fa5799df3d64acd156a48b893d0d21bc18ea40b696d9a770a70ce90ce8c5bd27815cb84829f58118c1ab67205246d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e2715a6-d982-47d8-9719-87a6221158b8\index-dir\the-real-index
| MD5 | 2aec8b414ba176091e40879e96d72aa2 |
| SHA1 | 22eac5dbcfbe710c5e52a13fec8159acb8937d5a |
| SHA256 | 35475a9e3e264479952741d83fe14e3ed05c4ad3d821b7cdd94423b96b92ff4a |
| SHA512 | 8302620647073a6073861e766a2a2ecb99e696025928040cf7aa9b1d49e5f3afe3eba75f0c0078d9ce0647ff30beb02b0bd113e017d6925eb5bf4707b43d166a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | d26f3943603f7fb6f751e2b9055749e6 |
| SHA1 | 37f0e56939aec20367361469daffa7e9bd2672b5 |
| SHA256 | 1ff5242deee8fd95d68d81ec9db7179c1813704d7cc8812df3bec62a8484e6cc |
| SHA512 | 567ffde7d5c5a4d8916f0104265fdc04f5b2601ae32be2276ccc47531aa69a49e833f34fce332cedb49bfc7ac133d92531262ee873f29116d5835825a3ebaf40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0651878414a2110355cc8b386b90a8ba |
| SHA1 | 0b7bef98276246b76c998278c695f085e9568102 |
| SHA256 | 91d1092278aa18a1d60b6d4fca74854236c821827b27a7afe6da541668f9183b |
| SHA512 | b42a981c71d3decc940741d9ab4700f95522d6c7345c1bef6ce4402201c5e324bbcb9f9644bb60d029bef40f6ef8071c3ca3439fa5640994b356edfbca06af37 |