Analysis Overview
SHA256
1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a
Threat Level: Known bad
The file 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
RisePro
Lumma Stealer
Detect Lumma Stealer payload V4
Drops startup file
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
Checks installed software on the system
Accesses Microsoft Outlook profiles
Detected potential entity reuse from brand paypal.
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Program crash
Enumerates system info in registry
outlook_win_path
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Checks processor information in registry
outlook_office_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 18:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 18:21
Reported
2023-12-13 18:23
Platform
win10v2004-20231127-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RisePro
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kx3lr37.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ci32bJ4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rh8Yy35.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kx3lr37.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rh8Yy35.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a.exe
"C:\Users\Admin\AppData\Local\Temp\1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kx3lr37.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kx3lr37.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ci32bJ4.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ci32bJ4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x104,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,1694441844273056527,5172337635805715761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7669463887090416854,13219825747138759936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7420020774832259867,8886131226915896378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7420020774832259867,8886131226915896378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,1694441844273056527,5172337635805715761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7669463887090416854,13219825747138759936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa98d746f8,0x7ffa98d74708,0x7ffa98d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,354367450367577026,17050008058443120736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,354367450367577026,17050008058443120736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3223025208675655739,2074159642515790532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3223025208675655739,2074159642515790532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,13181025286639134633,1628636119637842314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,8816284244903399312,15613875197641059247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6640 -ip 6640
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 1708
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rh8Yy35.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rh8Yy35.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5904 -ip 5904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 1100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16783510675984702336,3634224301486634631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 2.17.5.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| US | 184.73.65.24:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.154.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.65.73.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 3.231.98.65:443 | tracking.epicgames.com | tcp |
| GB | 13.224.81.67:443 | static-assets-prod.unrealengine.com | tcp |
| GB | 13.224.81.67:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 104.18.37.14:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| IE | 163.70.147.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 172.67.221.65:80 | soupinterestoe.fun | tcp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 104.21.80.57:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 172.67.183.217:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 172.67.161.55:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | 57.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 23.214.154.77:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 23.214.154.77:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| GB | 13.224.81.67:443 | static-assets-prod.unrealengine.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 188.178.17.96.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kx3lr37.exe
| MD5 | 25ddc4e8058393c7c22cf2827da56730 |
| SHA1 | f88e1ce1d1379b77960dc654b8c79290beda5297 |
| SHA256 | bdf757f9bd6d3d1b066ffb180bc457a34c919485e123725506b3ff2105b844db |
| SHA512 | 0eabb0623608aad8aa2d5c56038d070a2c9a67fde26e403a5a2d2b94bdb9b46e7753ab79b77738c4fe06d62648f23dac3d4a997770ab400982588bb87888179a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ci32bJ4.exe
| MD5 | bf0668251a3d8f7d95f7e16f07580779 |
| SHA1 | 4de7bcb1da3db0868821094cb8d2f4cd69675071 |
| SHA256 | 19a36442d209af7ce745e7ccb825a549344611d7e1d3b6e0a92a9079879bba25 |
| SHA512 | d8bdd0caf8de736dbf8f11a61785f3bb9cf1322e54aa6b2647e122e431669f969a2ece0f84acfcf0967c67c4093a51dbd1e2ec0bdc67b7c9984133dab16c08c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38c73375cadbfed84fc3b8973f3bb346 |
| SHA1 | 0bc038a4cb1075be034fa7a7e3221b228cea9df1 |
| SHA256 | dbb92682ded8ca0718490b2cae6caf28ce3c4799bee40c4df40f06a7fa02b158 |
| SHA512 | 236713a89124755326876489f3c2163d74e9270f3a5b69a7303450ddc929ae35eae22754967968e3cd45c7436c57e8d4ba9ea10124333cf24725e122f361752d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a556bb6f129e6bd2dcfb5e29b7483f3c |
| SHA1 | 54f04d95d772d4837334739544f6871c10f24110 |
| SHA256 | c88e30f34c1dd579de34700a10a25c92e55f09b47be34ef7742a01aea47f222c |
| SHA512 | 405908519a2b51c42c380ebb160557fb551bbec0c015c7a6fa61acc01eaa32a6ae20895aeaa1879a4aea3b0cc6ec1754d30610a3e343105a0ea4350156a6fb2d |
\??\pipe\LOCAL\crashpad_2536_ANGVWAVZBXKNOCXT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0db604f1654e5b3f67322896987b5d0e |
| SHA1 | 4d95d3fa55c636f3622ef5af4a5d2651a3427fea |
| SHA256 | 54bd07b88834b5a60002914dfd75a372a07c1bd2535802aa758fceca2c007415 |
| SHA512 | 309dc5d6557d36ed885b8da36623135acfc019a38fae882a4b831e3ecb14d35b530b6a7557b68a09403254d787d8cc0c88352dc04d2c74702a5d6a2310a89090 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dfe115287d739693356994ccd3f85636 |
| SHA1 | 98fe6998f94e11d8dd0038cd85a09f02cce71663 |
| SHA256 | a2572b9bf2a1b8712cbc1655d6e4dcf1d65173fd0cf91dfe602d38af4151accd |
| SHA512 | 5d21bcd50152e46e6a1ec7455fd5843929b2af8c620bb0570960b88dc80499ee47a2f43ed8af5435993cd2bc3b800cdc13adc8c0f38810cbb6c83d4b4d813cdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f108c9a5b40b97e5c2f73303229a657b |
| SHA1 | f9dd9111c6e1b700f55c596e1cbd06fc8cc0ede8 |
| SHA256 | cc709db05b2d8daf7f7b35b04cce0114d587e85590c7feca24da52d85550cbee |
| SHA512 | 64d509dd0ad7ebe40c9bfcf0cae2552272cf11c31c654fdb1451d3aa36c398fc8c952e95afef7c2ef563137ed5c9a67d9158cb6d08d4f54e3659f1f6f8888cc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5e8e5146162cacc046cc61a0ac14e27f |
| SHA1 | 5fd253885c0c723bff0b8f719f76ac92da76467f |
| SHA256 | 8aafb159e2de1f61ce545731f463afab953bb6dd558d662ccc9d1307c1b3e736 |
| SHA512 | d326464b916235113a0ceb5493589adb311592d47c6e79e894bdfb96cdcb69a5fca2be4502c42d18fb43afa1c4180dd7f95a8b68663700f5c521e4a5c7518f0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7d0188bc73cce83fc91e7aa6295c3c3d |
| SHA1 | 9f9bee426027b38ca9bcc1ac04c045152783c7e8 |
| SHA256 | 08f6990acd86f00a509b16aeca95ce78ae3faa201b30931e429910d811ad7a44 |
| SHA512 | ed7701c9f84e68240218190ae8c09ae5a09e7f67335f37c017e869238ef2acdfd05af79ebb769e3ec2f28709d13014ce8d7596b65b29f7efebdd4cafc9db6fe1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fad4e9c8cd213aa730ff5c1b67075c0c |
| SHA1 | 99e761f3dcb82908ded675d4d0bec04b69a6005a |
| SHA256 | 66039d4fcc45351cdff76047eef33ddce31f61f5cafd7db610873da362dad21d |
| SHA512 | 68dfc44e066fcf276256afc667ab94977320676d5047ebff39c0ea14b9e81090307bc93fc8dcea15dec6ff49f1e994ce5a1d04a020b9fd8bdd079c35f8969764 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2ZS8979.exe
| MD5 | 263b4ab4871353d249b4283395ce496a |
| SHA1 | bb657977d679429afda682f18fc49b6c462f7d58 |
| SHA256 | e33e4baae052dc5e4860e3114d287417b6152de9417ab885c6ce2baad9e6f5b7 |
| SHA512 | 472f32e9dd13e67fcd68ff04fcb0f8fe68ab52a5c6484571a7f10c6b75266b4611d041c1bfd827822463879e40986c597ee3544ee124504d49cfb16ac871b264 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6a52f6bb77a863f57c5cf3e4d1fec3f |
| SHA1 | 49f5230396e3d40237b8c3cdc08135da28184ee0 |
| SHA256 | e1a50e95758e8d49b671063d0343d1a087df840dc54f531429170af670a1304f |
| SHA512 | a89942d280dbed2ea5a6c5678fe26d4a500e5195e8cc96feea33309a39c6ff726dc30afc8df6449fab0fc5bc38afce930074dc77b6dd79af71c1c97620afeb9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db508611a71b90a2f3143a8bece814ad |
| SHA1 | a64f395eab31550afc4a539a0a912c8f0b3cabc6 |
| SHA256 | 870d36712f270f8f159b04eb30f1c1c13eb3cbea17bc5828385bb9051e64466b |
| SHA512 | 9e81b108dc40a4976776e2d76707f3357cae23fdb653e6a94c06ed2372f2848257b4d034e311f6e61a6a449de0cfd7be730ab1dc110fec233ced623bf5fda045 |
C:\Users\Admin\AppData\Local\Temp\posterBox8DdXeZmIdgIMT\QdX9ITDLyCRBWeb Data
| MD5 | f95c760025244cab62eaa0107d13cda0 |
| SHA1 | cb6c7db612bb41ed7c393b93c83a8509ae70ddbc |
| SHA256 | 5ba2aa1a173c7e7ebcc7f4b1f65469db5a9ce1121c29057344019016cd5fc636 |
| SHA512 | ea4b89f4d1c8ea76e253a8ac8fd0f7cd1956ef68f75b63c0cd6c451e96b95aa14e0dab29f9dc38c3da4940e36f81865b6911fd0ac2bbbc7bc798827ca031a7dd |
C:\Users\Admin\AppData\Local\Temp\posterBox8DdXeZmIdgIMT\ZunTSaNJLBVfWeb Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\grandUIA8DdXeZmIdgIMT\information.txt
| MD5 | 6cbd110baac64ca81334ffe52a46427e |
| SHA1 | 875a2633b2fa2325c34e19136b496d9c023e1b8a |
| SHA256 | 260bd5226dbe0e240f82a6e070faf3f8b214238e36b85b616f0fbc757f594c33 |
| SHA512 | 0dbcec5552f70400c5557f97249fe6bd70b131415f08ad72a7cbd7ddeb882fdce5b51a78cf30f56d038b4c9fb118a1901d8e75f70da70f00276e64bef89032b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 837cdecb99510dfba3e4fe081f5198a5 |
| SHA1 | f69a8ebe68c4e730ebcb60988d0a3b68454914aa |
| SHA256 | 118c92cd90a78d66589b7214549e629ba706f60965aeac436095e9ee436cee7c |
| SHA512 | 8e3a48f1d05be62f0b0f88a7fea0a53a82460b3476b757678eb94204e173ac93416f6e8662402cb163dd9f085853cd2fa36d6b4f1bdcafe342ee778c375b72f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 6dfb28a6390f63171f06e77ea2e7465a |
| SHA1 | 415dbb91566f810a83c3c6efa2e4dd2c4084c276 |
| SHA256 | 3cfe4ed506d1ee431d75dfab4e2f1ada2fd30e8d7664061d9fd706b3ed9c4b98 |
| SHA512 | 333b19faaa15c61ee44793bb4c2222663070ebf6463fb85115f561bba0abff09ab8a88f5dcad8f31ccc496b42930d137c865515c78ecb0a0adf994d64354ba56 |
memory/5904-485-0x0000000000B60000-0x0000000000C60000-memory.dmp
memory/5904-486-0x0000000002650000-0x00000000026CC000-memory.dmp
memory/5904-487-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f1a5b6744833db3f6b3111865956afc |
| SHA1 | b48d083805d76166457e1048386b4003790525c6 |
| SHA256 | f3842f45647821e88c902e90a80237b65a7d7a44d9883a994eeffd1618816226 |
| SHA512 | 76561052001a0d1d64f019e85dde6f278a6de769cd5e41795b6899a724cd0a966fd92112f85503a5f6e26db78fb6fe27c3ba4c8944893a0d170bfec779eaad8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | aa3db81e5ed16930c40f0a83dd947008 |
| SHA1 | 594657b7812f4eb6b515b885f6004c366f38d1cf |
| SHA256 | becaf8dcc2fd6c3fade9787edc3848cc901fd0690a4b9e1dd29ca24e1449bd71 |
| SHA512 | faef7417672e0919285c95e480226b82d7272a5057ed8342557bd995631d5332f497b82ffd1f5577d37e8972ef4b30c6441974b2197df1dc19bb1a4cf907e4c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
memory/5904-583-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 991afe34c3e284675d85591316753962 |
| SHA1 | 2c8fb828985cf6f4f40f948c048e38e1b9a20738 |
| SHA256 | 9f326af485f12370574de20af3529f86e946b066ab691f8ce640437cc922ad24 |
| SHA512 | 8fd99da66a7f8509410c1b2322ae29472469189829c962cbdd535f5402b842615fd4b67813583ee5dadeccb071405db7cff1a600c4fd33d045983b23a6fb6cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5dc.TMP
| MD5 | ec660fc437f9099fb271a9d4e32cdbba |
| SHA1 | 9c7ceee927682af4c5d9ce9c75c1aa91546bfb98 |
| SHA256 | bf1e15a8cde8148baec85dd3ffe5f70240e57c3b3ddc31f09086270ac01eb191 |
| SHA512 | 8176b3ba188c65d0c0186306f6e688dc1d3fb37671e11c8aa863bf7a62bc1a2ce5d277ab3967b905f0a0921270ef9e4a1a635637967fc7a6732794ad99a52aa7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33d3a0417791438b19f7814d823394ca |
| SHA1 | 469ee2438d4b59eae58ab2f08bf29b48bbf65be8 |
| SHA256 | 966fa089d36b81cfb03d7d9b657dd735d1c2b6b3321ce539f96cd1cda4fd2de0 |
| SHA512 | e0fd93b5b3a330b0c10701c4621229445617f56739876db64e5e5418a49e9d2e312b95158ac25c9d796c4308febefa9a8c5ce4cc739ebb11abc3c367c627b1b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 93ef3347b56092387ef31ccb88fa855c |
| SHA1 | 6e6982fba310dd9b5ab64607037d0342a94eeae7 |
| SHA256 | ba814719d6d5fbf7c907eb964146805ef73c0409a7173766724fb40e2870b348 |
| SHA512 | c2dbf9d94624c3ac935837445116f4e242830cabcbf634689e4838916619a8be53adedc33d7e9da5ca72ef3c20807999224620660a18bea94772c660b3124461 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b72cae1fa232167bf3a4bf0cc87a9749 |
| SHA1 | 1a24d57dc4ffc8e40ee1976752338ed9ed083062 |
| SHA256 | 52be36b666058c691462834758f2f207a45878043c8d83bf1a4e45bf9e6883a6 |
| SHA512 | 3205364e4991bdbbc0120e66e093e80fa517ee87a21c35efe68de3aa389973ec9b3922b47f65ae006e27cc66597820ab6cf4bb25816511748cad75d1faae4575 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 39a06760145e28a2013fb466bb3ca2e7 |
| SHA1 | 99258e7cbffaaf75aa19af73fe66642649f13914 |
| SHA256 | de9badce462907156d9b96b9e97d8e1c0d6363e7a112aa595edd701877cb2d28 |
| SHA512 | 2004f293db375f9e27789ea6bf12f69d2a91f205d313d6fd30c263978e780fa4b698eebf0858b20edeea8af865a7cc8b388dabbf945720b580966e874f40a47a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4ef51f346cdd7050747df3a33c61d344 |
| SHA1 | 4142eaccd9e8e376642deeee12146f8e5a257e77 |
| SHA256 | 4a19595dadbb9016c3584f47e1a6187d7a132deec3f467a8590079f044298075 |
| SHA512 | 1bba8555cc50a1840e753db328b9e72bc65e5a574f2bb099a4859f4a31fc69be44a2c25f79c9745c9096d901a720090ff80ab091e4d807c6387d0f79566c6556 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 524cd8025c27282e31b5d21894131f46 |
| SHA1 | ff198518179610d4fa989765b421e4fd11238aed |
| SHA256 | 1385075a9079e0aa9b7750a994e84d562c9629aea8ce0a7267056ea32af1246f |
| SHA512 | 53655b87f10f0378e2a248963f6d705211ee00ab9ba6d2a401f0c35b4770e9e08eadd8018e2db65f281294fa083bec4e82fc5aa6a3cb3195aeffb2baa4c60979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16086097a65f156b8fed53250ca3dfe4 |
| SHA1 | 28cdab046acb13e6f54680e819a4e912998818bd |
| SHA256 | 18a3b56a9b1a7e9e11a75e0541243a6b1e42fbeb35036fd3c39f2fbc74d4112e |
| SHA512 | 3d350649e64a415b0d7a376e61f8c441147b1fb54a73e097f2f002bf80c818755290f1024570af053331eca1cf6a91be4e1fd3d30b5250b794d0d96a6fa9f0c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdefb268de92f938efe1cb97ab309c9e |
| SHA1 | 3cbd7c5bad1ab85b87a9bc3c4d9fb4736119740f |
| SHA256 | d60474fccfc3c820a2834f71981392bf870bad86855c825ea0333ec267f605bc |
| SHA512 | 68aa27efe30dc104abe452bc257dc8009e039754a84ba4b20af5dc4bd29cc875bea6610c4740f8f9c7f0a03735ed9caabed33567e8dc5b956f220ee82e5c62fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ed1837f9297fcc6aea857dae8afd4f7 |
| SHA1 | 2ef00e3ca0a39d39aa98167c2a224b78b3895e50 |
| SHA256 | e344c381e4f0645ac4059e6c261afad75a9eaa41938b761669b7e3c5d928a403 |
| SHA512 | de656c7817e49df762941ff6033ab66bb14b1b72a7fc37cd157efe668bcc9e422c58f80aaa8fdfa6aebc4261a4e45bbe2f4952986e58e622cf88e20f23079451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58505d.TMP
| MD5 | 6124bafe51386a1037b48351ced378e4 |
| SHA1 | 283be1b23e0ef10df145a04a12c3850275dd16c1 |
| SHA256 | 7884d55646d874790a6b3509a8358dab5abdc2cbefe07b4b1360abc1d3a6cf4a |
| SHA512 | 6895e86b9b2cff71961d40e540d33ef712969431d9729f52f7c4a23196e57f5989b93d330d9d1cc7d62a87b32b5a4bde7eae13b154448fb3ff318bd17cc8935a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 806e34ad062c9e9b77cbdab5a905f82a |
| SHA1 | 096f147b74d89ad55c7904edc9dac50ccf20a91d |
| SHA256 | 147b8ee7c596e72990fcde5b0d998c4d63536874fc7b7a0f94b1ea2397309d98 |
| SHA512 | 8650cb6d455a8096bec7159faca0be858727facdb9050c3fcc7cdd1abe6caf6d1d8e3f0040cf883976f616b551dd134b1b84e85a949dc1fa58d604bca2ce8cdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eedd3cd0c7e2145afc7a6e6ea8f83b92 |
| SHA1 | e4b48c8620e4910ca6d3d91b3e58bca262869086 |
| SHA256 | 6ce355d212ea2eb5fdaa69a9755ac1e267219c05808287def29cee0e247d1dce |
| SHA512 | 538316cc7e4e9734e78eb3601c0897391e7f8f668da8ae438aa7b26d47ba5f3e30f6cc133edd150ce98842da72c6f0b031e654dc8226005d2175d5f84473041e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\48e45b2f-60c2-4d1e-b651-2a32f5ea39fb\index-dir\the-real-index~RFe5881cd.TMP
| MD5 | a7eb95cb5b92746f4c5c0a894a0e2bd0 |
| SHA1 | 0e5a1bc0e9f789fc1a8a8ec000015646d7d992fb |
| SHA256 | 7cffd2f32fe082bcad39923ab81586dd812aa7ed9fa03ff5862ac1c69c388b8a |
| SHA512 | 906aa1e63f0c545e0a064c7c0fbda8d359abaf33ecead2dace8be701c576c850b74b1965ac3029f1eb2d79b04fc9c09d59c0dfb3253882536a1967f3fc2149eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\48e45b2f-60c2-4d1e-b651-2a32f5ea39fb\index-dir\the-real-index
| MD5 | cf28d0bec646b60b2a4677d51af77683 |
| SHA1 | e08452a430358858efa5e316e06dc26f80ffd98b |
| SHA256 | cf3a3e063895250dc6d6f1e1bc1f5cad38d29ad8d98c252a3abd07f03ff138c4 |
| SHA512 | e712e5f5352eb6bedaf77f6444cf243c094064016fa9f34ff4e52cfa20ff8363bd6ff88455dbeb1c98c6130fa9e1c82d4f85cc533c9d2abe80f62e9d9c028c80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt.tmp
| MD5 | 7088629f3f1aec6c281ea9eab4cabc4c |
| SHA1 | 05ceb8958c2a27e3e73b29e665d496abefff62fe |
| SHA256 | cd7c547dbcad394bf0e5c823a0bad32637c40f4822988310b344ca2963be8f4d |
| SHA512 | 9a412d1cd285cc87a7d5989851915db0e2f9cf0b0091442a8ab24f825a5ea25901528ea1574225e65860f5fb10c95e23bbbaf9c9524f15ad688f63f118532b11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8729e9badf713ef1765f14968a4101d2 |
| SHA1 | ebe53ceba33a6f5592aa70d97dfbbe7011875579 |
| SHA256 | 80d0b9baba45ace5bd8445a90fa6dd2ec4748f555f9754fc8100aed6ef8ea231 |
| SHA512 | 302b9f8626a876c1c653212b747fe442cdd8d19ff6c25b5b9dca6fa3a6b5def16f12320878052004fdd84c0646d5e00818fffec16331e51a13998f586cfc988d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 83788d32400248c2a1f64fcfbef53dbe |
| SHA1 | e79dee66aff2ff06786c25524ad21b755cd1086a |
| SHA256 | f148ce679f1aae1f907bfee5546b8525b45f7f0fe117c552e2638faba74ca8cf |
| SHA512 | 1fcda6fb9a2dcbf4bfbb6e8351ccdd8b15da8b9c6532ee9007b9b2d9f850646dcfe05b9cb04e85c9181dc0983c96854136766627c2899eeef6447caa6b09bfb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 762ce4dd649031185e73b0254034769c |
| SHA1 | 4279976d41bb3eee6d757ec66ec845d9991e3e38 |
| SHA256 | 92e248a16b441685fe307b0ceef6c2c7fd2f4c9d96c42bf265bc1e2d713d24a7 |
| SHA512 | f3b86690f208d38c57d6aafe53693a86792444591eca14a75f1f50e499d100e30d7546a13e86fb2170929acf1d3f578d4a02a72b7ccaf15ebe58a8889875dee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0106f2ac77e82dc78c654afa91a11145 |
| SHA1 | e130736f8af0a1e8f5333d8d50561b439bf7e539 |
| SHA256 | 936e891af07a47182177f7224fcf74b7634014532608555481227da26f4e8460 |
| SHA512 | dad7f4b7d91d29dc2d1ad00a35dfb37b30dffa460f346ec7000658a220f90da1f00a5e4e4c16d8823391d9a5dd805d4ca2bdbae14fc4b7ea7d28e9ff1c82aa9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 05bc9e9c5ff9ef7ee1596d45c1ff53ff |
| SHA1 | 6d8b47a8017ada67e4c83e9b4490db2312dac37c |
| SHA256 | 54ea8bd866f63ef7f30b2c09bcc661d68cbf27db98fb2ba7fa160bea078feaa3 |
| SHA512 | c28f6ef7c49f9f0cabe5f92d7d75767884ae40d14735fd16048f23c2a95b44e0f5af3bf2c3f433ead1fd4dceaea3c17c5ce9fd4d0bcf12e225133111dac2ee87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 06f53408985bd7c484f89368f94b0eb4 |
| SHA1 | a66d579644939f3a9cfdd269d0bef3b92b76506e |
| SHA256 | ac6e97493da8c451644ccc27a20d5696caa392c9f80c637c838f49e262a64a71 |
| SHA512 | 8a33cfff744cd575e85f777e37de3390b8f8167076008eb00470e8f3f93ef659d8ee57ec947f5d98ca2b6478d620568d2b611520554464ff4575a1dfbe30fc70 |