Malware Analysis Report

2025-01-02 04:14

Sample ID 231213-r7zpwaebhk
Target 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
SHA256 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271

Threat Level: Known bad

The file 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271 was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Detect Lumma Stealer payload V4

Lumma Stealer

PrivateLoader

RisePro

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Drops startup file

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

AutoIT Executable

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Unsigned PE

Program crash

Creates scheduled task(s)

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

outlook_win_path

outlook_office_path

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-13 14:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 14:50

Reported

2023-12-13 14:53

Platform

win10v2004-20231127-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1204 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe
PID 1204 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe
PID 1204 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe
PID 2492 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe
PID 2492 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe
PID 2492 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe
PID 4076 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4616 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 560 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 560 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 2348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 2348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 880 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 880 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3260 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3260 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2864 wrote to memory of 2560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2864 wrote to memory of 2560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4668 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4668 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1964 wrote to memory of 5272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1964 wrote to memory of 5272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1328 wrote to memory of 5528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe

"C:\Users\Admin\AppData\Local\Temp\86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x13c,0x170,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd56be46f8,0x7ffd56be4708,0x7ffd56be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12683963953390391063,9192409713822648939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2562995378748913562,14534514661183511411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2562995378748913562,14534514661183511411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12683963953390391063,9192409713822648939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2442923840537744214,4260199967750451950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2442923840537744214,4260199967750451950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3764355333234397667,6309862343600766118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3764355333234397667,6309862343600766118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13402411944334521203,15698805242111139962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13402411944334521203,15698805242111139962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12043821653344803682,5832749401420381133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2002884541592552598,15823093645443118154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5952 -ip 5952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 1348

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Bm5uX59.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Bm5uX59.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7496 -ip 7496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5853632860308488689,4197600684293499064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8056 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 18.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.epicgames.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 52.203.159.187:443 www.epicgames.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 2.17.5.46:443 store.steampowered.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 www.facebook.com udp
IE 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 187.159.203.52.in-addr.arpa udp
US 8.8.8.8:53 46.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 1.42.244.104.in-addr.arpa udp
US 193.233.132.51:50500 tcp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 22.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 api.x.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.18.37.14:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 52.203.233.59:443 tracking.epicgames.com tcp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 91.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 59.233.203.52.in-addr.arpa udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 172.67.221.65:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 65.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
GB 142.250.200.3:443 www.recaptcha.net udp
US 188.114.97.2:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 172.67.161.55:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 55.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
FR 216.58.201.110:443 youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 188.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 208.77.24.184.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KE1Am63.exe

MD5 6630a364ed46870f9148666542adb979
SHA1 74c69bd2a094a16754a862eda73102ebe8627620
SHA256 016c1e2052aa435baf6710a642bea52214e0f79488f3939e794543d825aef85f
SHA512 1e68f237c845fb1ae5c36c161a598ad37988b252e562b836c4ac9a70c52f4f824c5213e0b922eee348e68002d0e933e8435b2403f5839bb4c5c559b4583a0803

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MA43od5.exe

MD5 6f79c0c2afa179f5e46712254b824e88
SHA1 c7e998fa7705e2c95e7ae4b9b6192a6ea85d79f5
SHA256 6958e59dae3dbb1df18ad402b68486371ef9510d9f7499863a77cc5879a9c283
SHA512 7ddd419b552feb59292776bfcaf6d7d8bc58dc678bde831f17a4c21c30726aa96d6aa782daf92a98f21b3c2ddb29702e3f2305115960f773a04a67600daa0f6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 edf2b2514bd574ccef3a3da9d0be4d9d
SHA1 78c247610ff063087c9571c1446778eb32993893
SHA256 13d82ea9734f67a5fff85da945a9e7b49380d2f3917b11e170cea864cef2d5e2
SHA512 5090983fdbe645c7db074e142d01bedd03d1b30ca13ae8dc7a2417f871da5173d1d2ae0f4c084ce423e1c57deed1d27fad77a06fd904d8f2ff7fef797afd2210

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7c89e9212e22e92acc3d335fe9a44fe6
SHA1 c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f
SHA256 18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44
SHA512 c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab

\??\pipe\LOCAL\crashpad_1328_LXYEJOVPUWCVERRT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2LA7207.exe

MD5 f8e7488fd4ced59d6eb387447bc37430
SHA1 560ed0a592273875ae66a93efd611f76a9da7ee7
SHA256 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347
SHA512 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f2bdea4d-b238-4ad3-8921-ddd82f23e8c8.tmp

MD5 725571030f16b60f380e25b9001af116
SHA1 0bd1cd6c2d42adabd8e7c14671e86f7c9b4ec392
SHA256 1f4bfd7c0765fed4f11cd729b400fe6cdcca9f6168bf2a701a0d9596a469d1d1
SHA512 eb277c8ff27ff917920feccaaf041901c6f781e17e58792726f0861fc83601121822a187bc43d4af0b8278445ca7111d45ca3140813a92f18aaa100c9596ed36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8ee75d6367c7ba6dc4fedfc979fd95e
SHA1 f58ebfa52e3ae6d5be7b10c121a496a02a9549a1
SHA256 ab87fcbe3f47f4766f44841dcc9d3590ca68ba72cdc728357964c4f8b5a8691f
SHA512 cd725f96e679bff5555f0c31246ec20f82b71fbcbb39db2f3d20e9c198cea716b3954178ee43ce9847ac8f75d366ae3cfcce2f79d989323e3e71c83ef818af20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 507b72f6237bde4feb24ed9886bac767
SHA1 554bdc165578194a6e09b5355779436936d37ec1
SHA256 a55df4b7d5f905417f22eac64e0d294bfcda266938b530dfd2dae262f38e3e40
SHA512 faeda2a7be870787c5cbd7243253b69541fa08482752b09af640d4ab47cde2a689d473ba5c3766bf220f99752b29044f2ba0e4731753000c2eb12ad8f683119b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8ba5df7d-0143-4581-b7b2-4711284b533c.tmp

MD5 0a6aa48aadf662d3e59c1e9013892875
SHA1 b4f24538440f1f2950a42ed6dfa9808abeb50422
SHA256 05083bcfcfb092da44af0a2789817596b41119baee957fdcd6e2da9cfac7493a
SHA512 de4822382cee2faa2631ea2a22856a6c790906720cb7c29c128bf97a8c722d0be1c5ac7eaae2eae0b9c4ec37579c6d608cf528e02121e7b60be0d158021acd18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83fd03fe1fe854a48ac4789ca7372125
SHA1 e842b34437a9cf09463267b563384d5eef57071e
SHA256 c8b9855fbaf697868bc332369b829cf06b8e6957e2dd9864a01d00a2cb1a7dee
SHA512 7bfab7c645a0dac711b3625fd4b938e3b9731cc62f7e9e3c07c40768fca2b0bfcb066ea0bf28066d5bf7d60a0bcb50c7c534967e66a3a6203fb9b661164bfb1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 441ef2b508167dbb599cf2a1a34f0804
SHA1 cf9c5c36e4c4c629fc85f3e1b35d985c85c704fe
SHA256 1848a3d7657acf73be949b66fa1dc2b71197446da4507e9e8c3fadbd2628aafd
SHA512 e27a4c5f75588f633dbc06c97dfb7abfb49d1d684311728f2934f6591971bd4e0d18064806b1368c9a5913e9d1c2f55532250b858d59dfae58aae0397eb62815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 981021c7ba7357f633093d363de1affa
SHA1 57e19ed155c70fc1b952392c5675b3b06f18a5cf
SHA256 4c70b0013dd7f312b9f5ba925ed3c7b00d8d85f8d30706e41c9f9dc429631f0d
SHA512 4d507b7a5db98d6d0b4e402bc507a847054be9f917fd86e2b1dbc9133a369d9318b463c0f28514d3ef676da3fd028ced877878f134f5260a09b88064adbc700b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79470ae190547a66c4778ba1253f9e13
SHA1 438730e03a42df5b1ed8d42c222e9ab36721d6bb
SHA256 a78845e1b7f089c7a12896e10f6e279177bd6c3045d9bf47da0a38a24638a160
SHA512 7e26e2e90e484b9e54fe7aad71559119c24e3981c9486735cc0b50154fa6fce72aebe3206c01a54fa23415297c76584875a044c78feac6b38d46cdfd24950c9c

C:\Users\Admin\AppData\Local\Temp\posterBoxyXP9JUjf670iF\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxyXP9JUjf670iF\QdX9ITDLyCRBWeb Data

MD5 44de9f4a837691e623c12425421c22d1
SHA1 5229b2b16468353e9ae72ae2d97840448b055e55
SHA256 683050f55ee81e6cdd868cad8df884f327f903bca54f06f19e24d196d514fcae
SHA512 5f15e672310ef2f67e7517e4b23d3d1500fe18c4e53785ed8191d0b74139ccb2142e5b7495ec966e207fd46ead84bbd929d2d169b71d9477fbac4b383b0b55c5

C:\Users\Admin\AppData\Local\Temp\grandUIAyXP9JUjf670iF\information.txt

MD5 9711259666b6bb4283265a13082a6edb
SHA1 41b4358c13c57a008d915e54cab18a76a718b6e2
SHA256 53ec6f76b0f6127cb68186f481aeaeae572adf1917bde48e0c1911154ec088e5
SHA512 005da771f1c1d8e7a834ed10cfa7167f60cbde2f63e3a4a9cbcdd404f739ed6f72afd8928e3865c39780f8372f32d5324f9ecdda4051114d7f40d9249682a53b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f8485ddb9f570ea5a7aa408c170c6c2f
SHA1 0f20f9973504bfa36117fcd89c966a475bcf6a75
SHA256 9eb521a2cced48175aaa4e3cac05cb8c0d35961671c9585fb7661897f6d4a1c2
SHA512 258612b62204bbb0beb629bba96ea5e6db7b7ad8f96d8b844c6e9a7934ab0422f6b68e11d6fcf894cc30952acd35d5e682796aad30a8993aaf0d48d43c3bccbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7496-529-0x0000000000BE0000-0x0000000000CE0000-memory.dmp

memory/7496-530-0x0000000000DE0000-0x0000000000E5C000-memory.dmp

memory/7496-535-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c695bd2982e440a2ec7330fd1c02301
SHA1 8321b54f2ded7513dc01527f8e9f4bbf9be6bffc
SHA256 18b56add648e784c7776c87fc98798b646baadcedfcfb124e7636bc7b7c94658
SHA512 e42e5e7a615a36c3cc589edc3319183a3dde3c6d3d453108cae5db176148f37dfa50c564042c15e03ed42d747ca824452aaf45d8eee6664af4e0d7c3d87ef2a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 d7b2b29ef1d9a33e61e1167984c8ca3e
SHA1 9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34
SHA256 7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2
SHA512 3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7496-621-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c66b98d78d9c2d68cb78ed0ee5265ef1
SHA1 fb0aa70336ba1813fa5283fc694a3ed4554a0025
SHA256 15734e590b910c82df338742ece5381f0624b993551e50e076c4a7f2b418713c
SHA512 72f11fdb772f658986fcbc563b5c1c2c8bae5fa8f05394df7ccc622b3509ae627a1079c2b11b7db36436d153ce13c5613e866cc1cb79dc677071c1f9642e43d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d707.TMP

MD5 ef6bbd5c141fbfbb228b32d18963c05f
SHA1 0b3032cc77df2e18626cb4ec8b06837e8256bfe6
SHA256 8f7cca3b31db2a5a261e7256cf174216c5011bcb720274408b6b41215a92eebe
SHA512 ad8ef9592bc8be6fb127b5d5bcdc5518e5e21d72bd045cf67bf1dc92d738d4c8d327551f6d97f8415398b719319decc9f34f788e299a4a8fc2057767023452f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0231217-9e88-481f-8bba-dd6fc682dfed.tmp

MD5 81ed5136731f945937dde52b17a61f58
SHA1 728e279993d92eab215dd9fda5aa185ce46bda24
SHA256 9c62f2bc81ad6ee7bf382ba56f43c2f05982084208c8aed749dd9ee6dc51be4d
SHA512 ada5c24ca6f72b8270bb86dfc160c85c0fc50c517d5c9912394a927b1d20bb75d71b6e17cc890be3740bf1b33a1035bc27093b8d4c90d06e82abe6d54e882082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 7ce4f4ea4c17e31b92282b9844efaaed
SHA1 60663865a3d3c402b6ea7a9ae80f4c0e8b3a2664
SHA256 415ca0c2ebb927edbd1d0526f1a783a0f2e3e6cc3cc86600e83f38711b3f3354
SHA512 f4a590336f150e894e285fa05e372f549260fc6d567fc7b346282c9e08cee4fc8a71bdd9a9b508ad9f196a33e9a48548b45992c1f4c487dbec86bb8c2aea2537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 60fe4103a4df47b10d4b7bd990405f79
SHA1 5335308f69b7ed8f7c8f03ce4fc81059ab299dc8
SHA256 63fd9ee9361a5bbe591f3504f1054de12c0bf63650c86a9c7df11acd171e54c2
SHA512 3aff040d3e5366be43e6a0db402aff9a6c2c07dc6ed67c4c01f547ebdf38e76ea0489f1a0c8d83d01e95598f582e02c0573fd3ba5c66aa5e354ea810572842a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 597515ad7d008626f7203cf0c4fb6abf
SHA1 b0fc8889c6fcda9e8dd45680167651574352cbfd
SHA256 2ae35a01649469e5ddae980a5dd3fd80bd79e2e2fab4e66904396bc02000d2a8
SHA512 404aefd8ff609b6d0855bd27dbbab32f903cfeaa925c8e454ee58eabfec101f145b6c2c58876797fef238fe710f56d7081c8985b4c42517a82728e7912249a17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d7150041b67328162927184e31e4501f
SHA1 f8bda26afd439d9804652ccdf9103f6d5e505ab8
SHA256 71a5e1d88af05dce556c964c865b9ce05d57ed885889de9a432ecb2947d8b272
SHA512 4e3d901ad7abc777e226b73548d69f37e41312903293a831486777e6e6db2714d932ab0941568654510fcbfff457adb1b74b71484f247b963f2d478e10dbef02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4fe2f79ef55596dcafc0b910db7292a1
SHA1 209908b3840aa95e59bf88efc13490666a037bea
SHA256 071d9a7b4f7bba6433e307ecab00388be9244b159d8246649308b2beb30992ba
SHA512 40a837f5c10c2785901d25c6c7e64cf7b318c1a15e07b1c3144c8f19d19f66db3718e86b546f33a7f308c3f30f681fdb758e71a0ae7be81da908cdf6276b4561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3646e799f03e9be65e86d76e49c182ea
SHA1 d2a7d8419c379be532b59b0c0ea924cf34d545af
SHA256 a539d7515b21ca1d0150071ac5fa340d49aea53e078370bd8414e4470535fd48
SHA512 0f23ff0e28a36c2fbee1e50cd0dd1b93d497b71e2e05b416b89870e4c67ef30f927d5b8d631ebdb36b1cca0461b436946ece3bcda3a9f0b77ed695e8ca4a2d4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a8b99d7eb3fa085fe68d511051e1418
SHA1 fed96a8e59f90defd1b057bf136dc15ddf271c4c
SHA256 21443b8446c6e9224139e4826f6d584e9088387ca9dd0c13a45dd7994dffa64c
SHA512 d9022a9a9c629628bf750239528a457a21e8ea9258a9b0938cba950151c034e6fe4112fb334ca42850d1a9b6a3664fc16e0969cccdecaa6c9ca973b1e7c57349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0a7061d1686e24ad6cec6dada49538fd
SHA1 4d290357fead98fd8c26e7e56a4f25eadb5e5f2c
SHA256 ac552379ede4fdc036b7b023710004155f057572a8bee65c72fe2e7a3da29846
SHA512 373c91caea3ae9184423b46ce89aa61cb24b51d00212c82eea3674bb40cd9bd83a233ac1af12bf163c9fb6cb0959f6da7e1711092e920d0e6475f82f3aec6801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584ee6.TMP

MD5 2d22f861ed2bdd75106754992fd47e1c
SHA1 4d1252daeecf452e97bccac106c5a427d60850c4
SHA256 4c406998b0cb8d0eb2c2bf74fce6cd5b4e0e029c0099c1f3459cc1ed5ae58705
SHA512 80f406bedc3698b55e7474c9b695606dcb1e3dd31e069d0a65d3f1bb734dc7dda82e9101a290467708e44341ed5df9c68d17f44c8c4a3e712aa1263047327ec5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2cc297eafbb5e353e009e105d6140e7c
SHA1 ead8bb9fb2cf99ef4d2e565e46d6a916f0a0830a
SHA256 7475052124737b19ebd7916982797b43249faab5e0a48fac04ed18924ad6b674
SHA512 80223745a849e5f2f8b2abaa100946ecc3c768cd42cc64ada8634d6a5eed46a03116c664a68cf6e1cc7aa6498081ef12694178563a9c55064281dcc92b88bfb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7906919010d56ac150a7c17eb2cee63f
SHA1 2b107ff24884c6b21ad340d7d997c1ee8c6a3a8d
SHA256 00cf876929b57de4d4ef42021b5b4e52d3c2de841d9528d8f5dee74061109bf6
SHA512 005a2f99d3df550a1244aecc339bba33cb3845b1c4627753989fa30cd908e40c47888b2a460604d6d9682a49d2ae3a48a90e2836b65c0ff6628553ddf24a3ba7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\718dde39-f45c-4e05-900f-6960db4bb5a9\index-dir\the-real-index~RFe587172.TMP

MD5 53e233c0f6e3a87f3990900ee43aa4ca
SHA1 bc185928d05aa2880e3c012af229037c513a8014
SHA256 4c619270a0eece89606ad5fa7aa426e7c6d78e960d9cb7da31440f58dc2479f6
SHA512 791f9d2ae2eac2276d74bb587ba4797c48c99a1a94613bd69820e0f87d0a1050bba1e10d9eddc0154fc224cb883cef2fd33201f847df19fb3b3196c0d64f612c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\718dde39-f45c-4e05-900f-6960db4bb5a9\index-dir\the-real-index

MD5 a0ed336bd28feebc4c533d320557b571
SHA1 fcaae9c6f58a492e85b551c63dc0f21be000f243
SHA256 856c262fdf85a0506b64e1f85444886ebf511925ec55f2c4c5be0df7d45e0f8d
SHA512 c7c70a7f08fb93dd9335a54aad9e9196e11b4139456cbbd1daefee4bd5a4819b56cc9227fb5e43095b484f26067c9c24323edb29f561edffbf26f94ec27b8843

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3a70a31ec7fa1d30a77ff66ac44016ae
SHA1 46eb28368ca71d9b85bd33116516f9f2211b4fef
SHA256 d6e1df696b30148af824efaea19752f04bded0381eaeb0121e9452c532840c1d
SHA512 ef9348aa91956bb8199f6455ae6ece4579971143dfbc20fd9a76c2f9cabc5ca10d80c52e4ea5f2a2dcbe9b3620697f4be6317b107adb11553d55c38f73ab8220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1d799b758ab3f365d2ff03436e1183c
SHA1 d654da875cb95b3f6e5e53336346da27397faad1
SHA256 b0c3e8dbefa4f97fde3ee5c62cb33367e339eef7bfbd1c4806c41bca5315dd71
SHA512 65e574cffea060328bce3b45f2c3f1b2d0e2cd39844540c75282ecabf72d75b9cc6f786b7a36638395c59723edd5bc556092befaac108906b245029b88d65362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e97edf0fb9099de2e0858de0e4753375
SHA1 7f5fc3c9ef0bd0a139cefee9b3bd00b4ab39cf9a
SHA256 1feed1565f77d44cb9147011f03e13177ba8c17c3db2f71c6811bd835b00fc28
SHA512 f2388122560ea90cc7d7b19d2c55d8a0da3a20d15c4ba22750f5b0630f8b574265269ccd48eee983600679b81f2bc80a1de568e5a756ec0f55841671471bc495

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c736345824d6091a926b300833350b7
SHA1 e3e13fead5b5a6a67e0e375e9a9fff7223dfe79e
SHA256 7beae1acbb01f415ba1f5c642b1a27daae35bcd8dad70a31cae169eb3cabfc9f
SHA512 48748254da00b70bbd1b694b5c1d85f32a8864e3fd8da95c600476558486b04f2d841665ede362cc2e6ed4c191b2b1fd8725af572085812e64bb716781ac4888

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2cd325bc0d0d50f3083c1b21472aa245
SHA1 0b4123e3066d95e2920507f061aad968a21de2c0
SHA256 35c530b8442f1f8d7a9712c9c99f0d2666695571a1618f4e0804cdce671e38e1
SHA512 9526a3740e74707fd4487ff5a7774144087ba3b16ed3b8145d7c042857d4aa6c390b0630fc4a8d816523ef0db9895b0e6c6133ee9ab5bb421540ad9fe761460c