Malware Analysis Report

2025-01-02 04:05

Sample ID 231213-tbsmssehar
Target b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4
SHA256 b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4
Tags
lumma paypal persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4

Threat Level: Known bad

The file b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4 was found to be: Known bad.

Malicious Activity Summary

lumma paypal persistence phishing stealer

Detect Lumma Stealer payload V4

Lumma Stealer

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-13 15:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 15:53

Reported

2023-12-13 15:55

Platform

win10v2004-20231127-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 408 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe
PID 408 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe
PID 408 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe
PID 4424 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe
PID 4424 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe
PID 4424 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe
PID 4820 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1544 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 264 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 264 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 264 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 264 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2148 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1276 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1276 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1352 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1352 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 684 wrote to memory of 412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 684 wrote to memory of 412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 3616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 3616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4820 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4648 wrote to memory of 5740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe

"C:\Users\Admin\AppData\Local\Temp\b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x80,0x16c,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdac3146f8,0x7ffdac314708,0x7ffdac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10593413917649889399,12941644804194326902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14664518148909496444,8932031784854805861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10593413917649889399,12941644804194326902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10923251188026744472,2857558332189053479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13548476058939859523,16162004957233182797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10923251188026744472,2857558332189053479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14664518148909496444,8932031784854805861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,908690186399411520,13041132560033466676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13548476058939859523,16162004957233182797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,908690186399411520,13041132560033466676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12359414464056167272,480614574511714894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12359414464056167272,480614574511714894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1810946226328861851,10141355037032981283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1810946226328861851,10141355037032981283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,549476400294223303,15835644635986352753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,549476400294223303,15835644635986352753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5705031193423749761,15460881339394888319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5705031193423749761,15460881339394888319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ox3820.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ox3820.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 8376 -ip 8376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 608

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7XU7wz52.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7XU7wz52.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 8592 -ip 8592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,15542602797844270475,4770007808407225488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 18.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 2.17.5.46:443 store.steampowered.com tcp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
IE 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 3.88.245.197:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 46.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com tcp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 197.245.88.3.in-addr.arpa udp
US 8.8.8.8:53 26.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 8.8.8.8:53 apps.identrust.com udp
US 104.21.87.137:80 neighborhoodfeelsa.fun tcp
GB 96.17.179.184:80 apps.identrust.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 104.21.18.224:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 188.114.97.2:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 137.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 224.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 172.64.150.242:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 52.203.233.59:443 tracking.epicgames.com tcp
DE 18.66.248.115:443 static-assets-prod.unrealengine.com tcp
DE 18.66.248.115:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 115.248.66.18.in-addr.arpa udp
US 8.8.8.8:53 59.233.203.52.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
GB 142.250.200.3:443 www.recaptcha.net udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
DE 18.66.248.115:443 static-assets-prod.unrealengine.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 rr1---sn-5hnekn7s.googlevideo.com udp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 38.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
FR 216.58.201.110:443 youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zY0jZ07.exe

MD5 ceee55a58af473adfeb2e7681efaff92
SHA1 11eb026650bdb6e253ede46f4e28f4e1bc66f2e0
SHA256 ee694950c46a8df7a483a869bf54d27fd837928ea330561cdf7d3764f17b86bb
SHA512 8b406d5493199605e20121c9b4579d9bb7e2987da8f6bfad4c4829d18bed0f5553b67f82c4622030b58d577fc650eff41717ca94cacf121fc6175460644685c3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1TS28ec6.exe

MD5 f811fbd9677910f7e06a687a1b4e07dc
SHA1 df064547851731fc9cad516c8cab23bfad16ed53
SHA256 cd7a07d6f2d1eb1a888c0c7ec80d822dc189aa9c3b118ea135d6215b41b9b39a
SHA512 eb643ae5c13f0d37bf011af73d9d857c6ed9128ea4202f9e640eef6a4459dfa9dcf76449b0c4f6f674ed4fd0d125e8466152d358a39e3490245fc581a381ea10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5990c020b2d5158c9e2f12f42d296465
SHA1 dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
SHA256 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
SHA512 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 208a234643c411e1b919e904ee20115e
SHA1 400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256 af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA512 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

\??\pipe\LOCAL\crashpad_4648_SBEKDKFDFUTSTMXH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\47b606bf-8093-484f-9471-3b7311c31478.tmp

MD5 6c4a1820cf06d98ca087ab6b4743089d
SHA1 e36eb92d705b5df8aa5435d82eb0871d7cc45c99
SHA256 c5e8c351600a036451ea5adb60457c446135faebf9410744d2d6ed0d679340f1
SHA512 824d9601189190d5a4929620ea068f9be282dad17bad005618f703e3af7466e1dffff45b7d480fffbd285a85b6386edca463d9b874e010d0c6d3740eed49f8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 916e69a5aa1ecb16547e8910f2ff27eb
SHA1 2e8386c86492305790c1573a3aa6f709b1e9b019
SHA256 c813954e4e7c082418f9365efef2c2b0f731ff7a674cc614292197be445f93c9
SHA512 694a55449adec34d70a98381226d38d5bbf13220e56f8a0e9140e6a1f2d91dbc7bf6aac0368927382a1cc1b90d6ea67c2a35c3e280e62b1baadeb0179119a621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 465c58aad7198b8974612b24f867e2be
SHA1 ec1cd655e5f636a37204a2f002219f59c25a9285
SHA256 2c510a213d392dd7af215594fc4a7d4cd2884787d0e852b226b976fe2da6b78e
SHA512 1f5647bf0efa1210b29a754234e114e2345bb3fc2c50534eec117fadbc47146e12e6df020a1e04be206192c9da0936705f91e6965ddef0538d19251a5bc3ee40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\443ec0ca-c28e-409b-95d8-5d9d0299d38f.tmp

MD5 5494afcf974fdfcc6f03173141bec613
SHA1 5769c8243b66121d205995425ce5f8f714dab86c
SHA256 673e725b03e014420f5dda79df01bcd67b87512510802a1643c8a53d36471bf1
SHA512 b86c1834c6e11dd8517f041ef7743e6f99ad13c4c5b5243056e625ad59935c22401bc6a5ce49df2e0398d9c52c5c16f78aae0d29d4fa46162b502fa15ca2446e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f729e296-40cf-48a7-9f2f-940527ce569e.tmp

MD5 56d756920c58de7de1c9fee65424d7ec
SHA1 6c0a19990fd8cb299917a809e5c1c7fc0c642f15
SHA256 96ac03fb0ddbc879005f006a1cbf2cc0eb839ff4ef468325b44a231214f94a2b
SHA512 ab51289ae9782d7b2da76230c17f5b08f14b4f7cb58c114b15fee5a82e0d8b9727d3ee147a870f9051636c8f279993ed2cd66998cebdbba0fc7790c06e185021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7b1f12bbe647c0c9bd45c28833a3ffb3
SHA1 b6601c4010c94413cbc5035c2d4994b36cb787e0
SHA256 4e30ca87fadd728cb943ebb193f8912075c201f80602488a89c6a5c8dcf77f52
SHA512 f715354494571f347fb939415acad830734c47e84836daf78f25faa56970d9339657c8a406ef3c78ed40992e0b2bccd646872806c52b08f98519da3782951670

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d35560f864793831b5ffff933c5b720
SHA1 a7e689acf6e96df228600a3dc8adac8015b34711
SHA256 36f4f7b75654d7ff48766d503d41742e47a27b84d3fc4795b94248045cf42892
SHA512 9f1b0de73229709de3e22d8714464337cb60a5547983958b846108b68c4f4065c05424963df6d70d2263cd3802a91285992293bd581b9c23dad09193165480f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e98e2cb1cf5ead28507676a6348b9439
SHA1 0d78797191c3460caf4bc7f65005981f802b9eac
SHA256 ad745a08e332bdd17b3cfcf6f76cc24b1afb079408b8c5bbb6192f71ef377683
SHA512 e5fb1e9b7b0366c367af49c31e8cc33f0465a4660a50c6ab5cc9adde4ddb551b9a7bce8db1e21b48b27578b255a24ddd9d8a4919faf21d5496083d9c46c252ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97120bd5af1f59ef81531ef01caffb1b
SHA1 15ab7fc66fd7311365f43bdc08fc9ea9238b770e
SHA256 4b87487788b71673ac52fea3ae8f7b380959cfb362aa50b1debbda7828fb66b8
SHA512 8f12903f0fa6fbb8d0032474644b84c2b304268b53013b9729ece1d07356ed2cb0d6adcb81bba969b80fc7e0de361f22d937ef0289f74489eb021475266a764e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e717f91acdd827305fb7756aa95f772
SHA1 03be8dce4c5b12647917edf6c44492f34ed099e1
SHA256 ab7c17e267627c40d0e3049609893468776502c4329e7037827ec0aa185e0e7c
SHA512 74c30adf3d8363dd333af62c09417032bd10de1baab424de93fa8ae891651e0ad8567204dc73878e3e46cf3c9195d7973a6b624feaaab10759e6d1c6befbdf5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5aee1b8094d82ed374881c5ff8888d87
SHA1 0a0ffde811a796b10b819d67587df7c3db07295a
SHA256 b046eae4093d1a15dbb12d4c717e4bdd2b145422dcd62da38dcf0bb7cab04a16
SHA512 d519b911cac78ff36172adbeb6429cce2f4e891fbd429a261b66131fd2f3e9a202f5d7ed0eed09624d3e0a6ffc32addffd34179b76203892f176ec163d661e32

memory/8592-341-0x00000000008F0000-0x00000000009F0000-memory.dmp

memory/8592-342-0x0000000002660000-0x00000000026DC000-memory.dmp

memory/8592-343-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0f27660dad2f828ccf7cc340a755c24
SHA1 b6047477ee1a9769413ef849b034411617578547
SHA256 698113f29789e4952b8a426da14bec497a63a60d7f5e5e11c808c59f4c0c5b82
SHA512 2a1b80e3a711c1c0d12336249c35ef8d24a85f393c90cc42cc75e294959e74a2da80063291b5ab52bbfd49c408e55e265d6d5b6a47a92afcd1d52b113fb9122f

memory/8592-398-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5a6206a3489650bf4a9c3ce44a428126
SHA1 3137a909ef8b098687ec536c57caa1bacc77224b
SHA256 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
SHA512 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

memory/8592-404-0x0000000002660000-0x00000000026DC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e7c6920f1650975d93c7afd0b818f12
SHA1 361bf6fc8edf6fe1169d3a54478543dc4158c090
SHA256 1fda8b59a8b0a4656b2905363c916979e26a1acf5f0d22c54fdd954cc3805ce2
SHA512 e7ae4ac8b553d5ade504d3eda985e90ca335bff6a048c75205a7a2564ee7df454e4363d1bf671939707164f67288f83d56542b63d3987be8ebc58ed75ca1b459

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d4b0476a0b1f962448e009d41c52a75
SHA1 3a0a59e2fcc1f96cefc5344e0f285579305a933e
SHA256 4dda5356ff27deec7a3cbe3a1a85ca9eb2d57152407410d19a49847a29ecdbb4
SHA512 9f6015da567ed2bd877f3e993b7b1ad4c94b23e0f86c9f87b561511f50fac3719d221b6edc911bcea8aa7f00cd9ef4e6f18b04acc12135185cb33435b73ecf8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a86.TMP

MD5 2f59426260f984e694fd39fbee073f9e
SHA1 756809ee3e86a9de2914827cc4feeeeaf0b01fcd
SHA256 afb309bb0b89a1b3778a55d8e2acfdad522ad22a5d90ed11e1fe1919ace3c601
SHA512 b1cfaf804b8c6761717ab98ef07530f30f9ac576575e6511398284f6951f6be8233b6d63f78eaa45f637f1b940ffa25e7c5bf4fdd072f91a2875e7e10fd69fd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2741eb19d52e0cf85adb9968611029ed
SHA1 f2a8655040616e7c059897de6796ec62a3c6f90e
SHA256 ef2404ab405554651d30c88cad4c59f19f5bfbb96b32d2405ef40dfc8087bb7d
SHA512 1ff17d803c7db39991de68d9579fc3a32840f0a9e0b773c8b1cbab6e253f26fdf944bc5a314220928943bf9dabf9b7ee76af7ec7cc8b95862df0fbc6e031a270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7e4d8d24af2fa53cdbe5bdea3680a8f
SHA1 f4f7ed97e2726282b5fcd4e07a98240a840b9021
SHA256 c0563d8c57d9815a2be4b8a8e00181c67666e6a4bc24e469b552b99d07b03d4c
SHA512 70c2bec2a374c7e4bf8d87018591f25b8b2731fc5bd8b2079ad3384d06d45aa5324e80586b7b7de33529f05b5778bfe8c8ba296bda4c952636bb46c98cee509d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 65b2d71e933721ff63b10237ea187c0e
SHA1 288472cffed98a875a1382a258ac6e4e4f17f065
SHA256 362b2eb73de10e9bd1d5a6a869401ad73306a1d0b3cab1dcefd507698a717a98
SHA512 246562ed9769239b1db82720bfdb935a7749cedcf4d95b612144e97471fd672c9fcf8db2623fad964fea67fdd4d554a7d7a8252b31afb556d1f02230eeb2e95e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6074db45b470d59c478aaba75fbaa5b3
SHA1 e0b3e01d8a7dfd975831f4099684e5c63ff863e5
SHA256 c5a326ed1386ec4e1a0f2e898e5dfb60ffbebe86085523981e8af1cfe8bb8819
SHA512 8ec072f6c033f9427dbd5683c90462249a1ae8b049e25d7f0e6fcd3ff2cb752b5a2f8dae0fb3229c6b019aaf586be1fd1e20fa0a75a51200ca822f2e683b2831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 54108001421cbb3f7bdc8c7072a312da
SHA1 913cdc3fa5fcaaaecade3fae3a3aaf41eb9f75b8
SHA256 836b5648a3a513854ceddf5e60465614bf0287589dfdfc7471a6ec6e6c6ae135
SHA512 a0cb92a7ebf4c69afebe4fff31bdab4468b3888016a92b07b7d311f4ba27fadca1c3e842df218916926096046aebf7b4848c9fab277d360c2b0c1799c181df0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf0e796482956803146ede12ecf048a4
SHA1 3d5d02963a10665ec3621c671cf17031be32caa9
SHA256 c2c5b3ceaaccd413014928762b2338a6b2d1e053cc9fb4ffbdbc09895366afba
SHA512 0cfd5071952630eba39c81571d0e7a14274d7e6ec80389e1d52b7b68f54dec95aa65bebcafbd03ee63f56cf10ff887ff1fe289da2ffc19fecf84a6b134b5eb45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8a155f820506a5774310216908312a82
SHA1 609a162a6e0d2581363065bb96b6f8a0aac8cad2
SHA256 3ab93928d8bbc7347c08d61b4c6091925492b9154735f2d2c76c6716de87bbef
SHA512 0aaf4d9e1c65f11fa1de027e6b16cb96fc5c5d9827590c4918caaaa2d5b54b4a6cca1a864d22419f00b3087f8b09524f13079518e2cc3e59d7e175d4a9ae0329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 49e882ed1b68f17ddc229a2cd32b827c
SHA1 0e729ad1a723287bda7a3189dc7c2c364e55ff87
SHA256 aa0fd8458399b3640dca91ae2cd2ca03286f0295c25814bd57947b4148aacb58
SHA512 b9f9ff026c57277228983ec976330be1fe9665a673f143c04defbf51e81d412ddafab4bdee107a4440cdf6d577bc43079dd4dbe3b6212b527dfa65fde10a5274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75cb803d43fd0948bb81465b0a886277
SHA1 a5e577d124334b76531174f04f3406909dd9b82c
SHA256 8b9f161aa00ccfac7082f94b12b701af2e8bbad172676475513c02b627837d9e
SHA512 fb34a8344f4dc544ac829eecef420334b2344e161e761c3735f2903eb8fb1ff7f126cfc1f4bbb4030eb0d0d8f2aa950da175539e62e2ae72b9a8b489f7120de3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9548c2dfd12aa3ed0cbfd62e43694c0a
SHA1 3608fad8c78cc7dfd8c910f71a3ad8e5d6e82017
SHA256 7d622271267d5a4bfb0d703353dfea50270dc4f1864db0231d3c423036591536
SHA512 fc19c4153915dadf6326554ed3ffa3528508f275e7104741dbb05e89990a9fefa924a1004ecb356d5aa784d7df39a522d33e0a7bb27fb4bd839646b14b24f68f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38831bd155fbe7fd5f1cc9d02c9f53ad
SHA1 21ce97e75da758ec70a79415426ca62b49ac43e4
SHA256 d6d1c789b3172f53370eac4160b965b4e1c921490103e2bfcd362b69a39ffd6c
SHA512 12a1c62771cd391eb1dc491f622ae030357bc22b4389c263a755cf577618d4e1f8f9ac25e0ea9f62e5f3a712c646d51146e387df0abe84b40b7ccde96b7c1e62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 10baa38b681e1597edb96856523f4e0c
SHA1 26beec171f18c02a326255a372e4078698ad2034
SHA256 6bee5680ec7d547729ddc2209ccfea41c88c293d6628d8f839bd5f63b69d4626
SHA512 0686f46d4c1d10db876528206fe6d3a2d7b9550fada18a85506855dcfde0985cb5c6b9c0dfc0165825e9110a064e464f8803a407ba4c85c7bac7ec0a17b479ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596596.TMP

MD5 6c0aba87c81a98c176cdaa2f76eb2e20
SHA1 8ba49a1dc006d0371940fd1bdb2669d4a32714b0
SHA256 edbf1164f9edfb0d97847091fa82e2d0f6bab7e6812d2d7d8eca8619071f5b6f
SHA512 b91af4a03c283a7d54ab04bf3b0d785a9674ff2c0baa61a2eac03e4b2b7806e41699e9471ee080271f6c3ed36699d5e4c778c1b22923a74152920c67db0eb5d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 727ecee4a7e07625a2553c431838d2e6
SHA1 c9eb9b9d3821f8ef6ae5974b7de73aeb40cd6bf1
SHA256 f65a4b32ff0359ad2bd19b966502cf6f63e4552e8e0dea707495dae74dc125ea
SHA512 1b25fa35ca3589a5eff7e90a0f53e2c8f5e5d8ea33ea41dea4930980b65ba1ba0d1ad99386cbef261b707c31cf5a9d521c51537f337c4d59c3be8320c0ad05ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d7762c3bb7328333d68b1c2560e5e76d
SHA1 052d1d23a0f09ec891f567cfe736c4c826ba6f94
SHA256 2d9678b86eab9592eba9685ad480d7826b17b4d65528760e88bc9db8cdd1b4fe
SHA512 6d6c8ed2db4848c4ccadfb235a88f3f0b36ffd9750750d45c94c4a92999f0e04cd0494ae7797b51559d084b4e46d64c6eade86aa802142140e3c4d904e3da4f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d8f4dd8ced8bcce1e3ff6de2595235b
SHA1 3067aabdc75a5287c7312bcc7d62e8e78deeaa5d
SHA256 ff66193e6edba07a657f3609aef324c0eb6ae0e2e22c02698c7d641b0709ca57
SHA512 3e81032f0fc829de074a2238de579040d30012f15e965856a791838d4c83eac1c9b59d042fe964930d323d975ebdf495a47516a66d1af714deb45510cff9ff60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73e06714ffc29166163f64b95a1e08c9
SHA1 ffebbbe381864398b5489ca55e9af7c9d769d00e
SHA256 85a13bbc0f4e8b871a2dec9957823c0338e16938116da9dc6ab7521c8d58218b
SHA512 a21c714c86205730ad6bcdd295b9bb2ca39f306bd2b3fc1208d4642814350518f791dbeb68afc52ca08a22e3130af0edbbbafc778716824757f041aa87c962b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8ccfab4fbe91fdc9c733ad7bb64f27df
SHA1 8a02e89b9ef4b0b5ab09bb413775c6cfdd231640
SHA256 7d794b95c0e54759ae25a33fc798cab10b1c8b23c4ab8b5e224b445f9a106077
SHA512 6a36ae2baaf0a8d8f9c3ba865e00f458253a47c9dc9ac62fed70e1955dcacd80fa26d8e2cc63aacc0c0e5aad29439fdbd2a84807b40c032b80ca1b584feb7f35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d0156b99-01eb-41c8-a19e-fab92b3078a7\index-dir\the-real-index~RFe59e286.TMP

MD5 55dee548040fa315851b76293ffd0a68
SHA1 62cb0e2bb92a8f6beab8579aab27739844244c04
SHA256 64a45fe508af3865bc0080ead3bc6e8b37a9750862e418e3d76959e4cb8bfc3b
SHA512 12af4ad20bd5370bb699f7a21a34059f9463a82971db846a1f9432832897ce0e3847e5f95cd0a9aa038a03afbf571b1e28036cd37529d21495b943c22efac189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\d0156b99-01eb-41c8-a19e-fab92b3078a7\index-dir\the-real-index

MD5 0e77349784431ca6bddb4ba8b87545be
SHA1 1347b1bae79680028da697f30768483fc62e8a6a
SHA256 fcdfa05a9ef75fdaa479f8f5b8742b18a307a2177eac67ffa7298db5abe0f8d8
SHA512 e4d990c0f0ffa8e0b1063b30dd9d6719b22a781a7681822454213764d202a6b0670c48e43d6cfb45412f6064da4b3767dc71cd27d9d6dcb004fa5aba8b2030ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 cbd32420a4d9ef9b12a184295b8f3c4a
SHA1 751c37c7b0435312180a2da09b28db5c2afa75d2
SHA256 62f939933613ef9fe1a5314ee0011aa8c91d4ea6c4eeeeb18613b0a5e47aeec9
SHA512 7b6efa6f9d14109b586368937b332172370ee585410e0e81ed26ec21835fba339137d75e9f4b465fecd5d0dda94e68b54f7a45224ef053a033a6eb07b86c7062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0987ccda86d944af6be20f3f6a19a3a0
SHA1 72bca7cee3fe00d68575e60fc2c1f1f6e9a1490a
SHA256 b72396a211a46801b1708e28602ac41954ddab5803e916701eb3ad44797120fb
SHA512 9cb1cfce2772ccf966060226542817089d4581cbc4c92e80504f553a7809a66ae7b2848806b534b9b6f63d8bf77195affed9811e495e16a8e4d5c740f58e0148

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 cdfd048418da66cf70c1d4047a21307a
SHA1 adaeae5584647af88e36e68f6886d2d70242bd9c
SHA256 6981aac22fcebe724ed4b3965209d9874066abe373afeb8c026524290ecc747c
SHA512 0bb5fe69b75cdf0e92cd030a799438e42da33eb1b6dec3f812581fbf9ccb2ef4d9a60f829d067391553459ebcee9c9a801ffb9fc3fcf62956237cecb70aadf88