Malware Analysis Report

2025-01-02 04:14

Sample ID 231214-a3m2vabhe2
Target df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc
SHA256 df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc
Tags
paypal persistence phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc

Threat Level: Shows suspicious behavior

The file df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc was found to be: Shows suspicious behavior.

Malicious Activity Summary

paypal persistence phishing

Executes dropped EXE

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 00:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 00:44

Reported

2023-12-14 00:47

Platform

win10v2004-20231127-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4484 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe
PID 4484 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe
PID 4484 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe
PID 4672 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe
PID 4672 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe
PID 4672 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe
PID 1972 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 3584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 3584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5044 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5044 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5044 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5044 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 1680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 1680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 772 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 772 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 3820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 3820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 3420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1972 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5000 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5000 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4672 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe
PID 4672 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe
PID 4672 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe
PID 4880 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe

"C:\Users\Admin\AppData\Local\Temp\df95e2c623a01730399b50ba79ccae2d7454e79f2866d822fdfc15280184b0cc.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x13c,0x170,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff9c7f46f8,0x7fff9c7f4708,0x7fff9c7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5890378881028861210,2561428878839065703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4526725119825335068,16193039525499105629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15606248337034834024,144827278606230592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,15115496211772794553,3208263028036436751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14485417015887648402,12653146577146537654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5890378881028861210,2561428878839065703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4526725119825335068,16193039525499105629,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15606248337034834024,144827278606230592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4625154290909791411,11461796974244719236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4625154290909791411,11461796974244719236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14485417015887648402,12653146577146537654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15012449038961620706,17327564951602222969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15012449038961620706,17327564951602222969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15115496211772794553,3208263028036436751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12848313318429837365,9591283200804146717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12848313318429837365,9591283200804146717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,6154918791280311958,12998219527544824968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,6154918791280311958,12998219527544824968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6939870164399402637,10884968091938859718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.paypal.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 104.244.42.65:443 twitter.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 3.228.109.215:443 www.epicgames.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 www.facebook.com udp
IE 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 215.109.228.3.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
BE 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 36.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 3.231.98.65:443 tracking.epicgames.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 88.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 65.98.231.3.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 api.x.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 104.18.37.14:443 api.x.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 68.232.34.217:443 video.twimg.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 142.250.200.3:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
BE 74.125.71.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Kq7hG08.exe

MD5 e7f6494bc7d950f7aab04e955d223aeb
SHA1 05f2246a3be375383f1ceebd170d1f11acc6b656
SHA256 221a7f215eaa69a1a45b57348e9134a177de0259cccdd8e7206c2126661bd9a9
SHA512 2a57ecfc2023af1e5012c08ea75a3f694fd0c54a7bf3379fe65bd64597d4cb155680af3b43ee87c5c93fe0c39722854c659910081c7557f4ee5d3280b8226cfd

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1MT60GF5.exe

MD5 8fa3c49aae7acb04d1d6fd631457ba9c
SHA1 ee409a09bcfff6d13b2527993cf1000634faede1
SHA256 ba68b3f55e27d8fb495156dcd73037efbd3b2d3bf91ecbf5be051b8ebf62ef53
SHA512 fbdfd5252540c6e362a9bf9eb3d509d5018b078e6fe3cb6ea3b67aff46c20f59b5e81ed613f59441ccd4f24867da3cc7feb430a35d9840fcaf715fb00166abcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5990c020b2d5158c9e2f12f42d296465
SHA1 dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
SHA256 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
SHA512 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 208a234643c411e1b919e904ee20115e
SHA1 400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256 af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA512 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe

MD5 1a02cb5a4b9e6721deae917c9eafe523
SHA1 d62940137a23f5cc5a1ee15cdeaa32246c9000cd
SHA256 f9baf8fffc152dde87aff59a9d03cdbf7f27623ff4e65028bd4fff56be5fb75a
SHA512 6d328d3203ef1f6fde27780ea7e45bd4e77755c8807b52c83932e7be4b2b2786e3c7dc56fe34f5d542d6469b29434ba9047fd2da5e8ea835b7b82fd36cbed669

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ff2555.exe

MD5 aa2131628bd54774e138f2111d515763
SHA1 cdc6a7e8474f8340a00c95d01ee977f1c6922360
SHA256 228c190e40c57206707f187c611a68c1bca210043149f487c739b84fbcc31250
SHA512 57e39080be78d1dab02044d217b17622894a95164ef7527bc516a9f4ad3584de37f63b1129b7acec5dda8703c48f9766c4b83237bf03b3d61405a6d4b9c9ef70

memory/5288-73-0x0000000000480000-0x00000000009C1000-memory.dmp

\??\pipe\LOCAL\crashpad_2536_AROYRQXDRLVGBFJI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5288-85-0x0000000002F50000-0x0000000002F51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d869fd15e59cdb2be18e00fb211a76a3
SHA1 0851577e8b17755559e7db163b6bc987e96027d5
SHA256 8333afcab8390e7fe25d1e72f3f02f5ec7ee922c7ab7a43ab4bce77a479d115c
SHA512 78cf7a71b35a7e21885ec295057d421f6b9e9477babe9920a21984ff622d27ac9c2362f7009cdbc1e502ca164e2eb4b53a8fa81f3f862f7d8574cd9b1aebe5bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63cb387ebfbf91a46e471c1784ca281e
SHA1 0209af0ee439f06043ff76e3b0027e12f26bcf24
SHA256 5a9e3198ffe7d172b14bbbc6bd6b7563ea26b7097bdff5b0e5e2f6b3ab5bdbd8
SHA512 4037fe6048773cc7d6e67ae66f1fd88f62e224a4db8dbeac8f0a11cf122180d8c48b559ec6dc7b4c8d0ad62fe3bc16746ce88d8595bf349b6bd7702103528379

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 628dc0647a488ba92d222afed291086e
SHA1 47514062dbbc82b089d27560c3c8af8c061c6c5a
SHA256 f7e408c11e3a36c903cfccd220b2c733f0fd4fad484905ce64d8f64a13baedcb
SHA512 3cb3e24d1def7852c673752f59ba5e41b784d9a2afb504bd33b7c11d9147bb9b9a8d9bbcd724ffd20b456f354b981fda798877627485a167f7df6b97cfe47847

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dacec4b88b1d7bd62fcc384b32d69d56
SHA1 211b59f8110c891bd7c124c27a910dd83c658773
SHA256 b14298256f8c405e380768741bb810f422189994b62ceb3f935c3fb7637e9892
SHA512 91bfcbde109b4c22345e55ee40b2fa141308b05027507e5d05b6de587287fb6fe28ea2b45464ad4804471087310e808bd9de7af228e41f64432af818579a3850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c77a36891d5b52661ce71def53260767
SHA1 0ee35e4122c6e1c6f5f2333679ceeffef2613379
SHA256 2bd4210baf4c2ec03aa4a29d2dc5fa30bca25429ec5e0f5c25aff167c2b9504c
SHA512 8715a6aae5b3db23114b2fec3fcd27fee6e0690150eda8117c2de87c44b525270944d2eef7e94ed27a102dec69620b6173dbf63fc8dbe5c02335874a2df022a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae84befa8b7e2ae216764c37bf00368e
SHA1 88501250885758ae11b8adad24a61fc90ac2720f
SHA256 004d6b2b4ce93c1a615b2a6755539ba34d443171c0a09796653b619489c7236c
SHA512 fc1075fb8406bda1da34368450defcdd9dc5b0eadc49249f491d2d6c8bf3e101963720180445c1002306a3f4a5e905a9fd44e345cc6983d4a845591f8b93356b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\02366bcd-dfc3-4d39-98b0-7d90a118055f.tmp

MD5 7fd90d660cbc0268f21363b2dc279272
SHA1 b73ef752e9bb77ab50820132ec1e3964a192abe5
SHA256 429f86db038c10a04df1c749b4552bc6e9d31a96054a226b1f641127942fa630
SHA512 5f33b1b7128f5f0b9992266b3e87c531831a85fb75fce5cae2a4228b612d98305a57ebc8092b6ff2aab77d9c746e62d985a06fbe1f43efb755fe1b83a4aed89a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce37c86d9ea00475ecbf0ed70cabcdc7
SHA1 2224223aa0b91ae16753600036507b0bd4b608e7
SHA256 e3f865856e62212e760cb540e4099f723acaa0ec27848d94361b10000c80a0b1
SHA512 2a7f112c309c6960b5dbe5ded8c0674597eee3fdfefbfbab1ae430b4a0a766f1b6c18081e7c2c19519f765a682052c508885a31219b673a2e44fa92242269e3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b09a4d9d757f3d6bd4a4205b199ef7a0
SHA1 f879265ac1bfee8d81aeceb01f2ec94e65e90552
SHA256 ce0241f846660deccf5753f65bff573ec89b9eeb5000bf10f3075811c0fa45f1
SHA512 ea049ed57bda1d8a782df134e4401972e75f143ec76d2e26aaf9ffbfa6cfabff52d176b2afb8c6f08e17b9531582821fe43fa484dc51827ee305124138d17026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19ed7124109b0567f5ac4eb3e13f2d05
SHA1 b7f158a12c1ae82b9be568a8d1c8086e023236d8
SHA256 f16f1dbb1bfc4812ffb7d3418e024fb35119ef84a9178016f9d8b0155d3f7f89
SHA512 ac72a52755e925f215a0fed878ab28f0b85024d91dbf180def225c8fc6485fd965b299fb8c4c325438c0b449f9d91204aa633d95d404142e19925b9051cef90d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b0768518eb712330132d699762b99af
SHA1 8513ef6c6a79ef212809f07fd398dc9ecb27916c
SHA256 f6957e4bab37465847df25bba4f390525dedc754eb988179a9a5d9b7db9334ff
SHA512 7df1ae70098aebcfea791ec8afbd5f5c8e0f1c9f95119fc41296fa24a8f7fd0ddae248cb4de8863f6180008771a1c842e0f51bd7fe16c5f5c4b4305d44e41a48

memory/5288-315-0x0000000000480000-0x00000000009C1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a362274d084a1aca22f2a645da50ebd
SHA1 b063d786a2175fcb565950fa7d77cf60fd8761d2
SHA256 e9f3ddf9700190e1dc1200dd41f8fb0739087b194026609c44ad44bfb94b6d64
SHA512 e850fe9db27aa87178c83caef078867dafd43db6f1b80d5e3e0d108509e8f22627af967a66a242d856b6953f1b354ca69d10e47db32a0f909f71f51c89c92393

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5a6206a3489650bf4a9c3ce44a428126
SHA1 3137a909ef8b098687ec536c57caa1bacc77224b
SHA256 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
SHA512 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f035cb410e0d0db605ade433d006833f
SHA1 725f34845c9d1a1f903fc0097f01fbf1d5fb01e7
SHA256 6c412194112335e60d063ca8d084e27a3081295a70e9bc8e499956b2a7620483
SHA512 ae466c7ff3c2748076e828ec5176303cd6e4104b767c3ec70f17fa0318a66cda248699b252571856d6f69a5ead27badf37c940c92e988c6d5e8426130640bece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14fd84f2b756a62ce14ca81c1b1ef755
SHA1 896a72c6e99b9d3305f380ba53b5c1f5505f1a1d
SHA256 de17237adc53bc5bc2371bbad33badaf1e09630736f983b86c24fd6a183b89fc
SHA512 9a1eb630e9998b6dab8782126e89f73152f13216ba7a6d0ab51736dd4ae699c473f3578248a7d45f4f4c950b23dd34d56b7f9266ed67f12285c277c33ea36d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f7bc2f560f51deafe448ca275d93700
SHA1 8b043a7343447e11400320dd972b4aa8685519e9
SHA256 68a1e196626364537917e9e94d1b25324195fbcdb373d193e2a07d41109166ea
SHA512 e514584ea1e5965fc37a7e604f5877f13c3babe3a6fc0dbe6dba1428d818fe4ca88d2503beea635ac81ddf899a7d90c580312dbcace2eea199196d819efb6cc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585714.TMP

MD5 7d99c1df4078fed4a5fec4bb4f9c84f6
SHA1 14dfccf7cb79a466b98043fb16728725482898bd
SHA256 f2983e123734c553d4e186f012fc79d540408d8063f0648759400b4ed9d13285
SHA512 fbc41020a23168ec168ad7f17511f1386419e45d96883b722805177d2c319a625f2fcd1db4afe3358449db39030905ccbac38a3c683be492653b8bdc79a61ca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8f50280be8347c3b09493de8b0a2d7b
SHA1 6de9caed7eaf07d566a7b083cae2b07f43479430
SHA256 df57fd497e8cbd6179ad3e83dbd7ce36b823d8214951d7e8001f0343f49fb47a
SHA512 3869e52c5e3d2348ddb392dc18bee3c5d88716f5ee8c40d25b756f48b78ec62c33e04d64392c98d9d8d1ea6a2566a3b58b8c9a5e7e7770c09b60718bc7525e24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d445942fd27e257c65b78095fff2955
SHA1 ca2011ba158be1fa184ab49d0ebe05a1f7ecd849
SHA256 0f12971ddfcab860b2a1bbe5359f8acfe4bf2939a1cc96b4bfc1eac93d82f154
SHA512 ef92f1e7a58b69e2785be3456ce4c74a6559c5b073ed2e7393b212a76fde567ea6691bcf50cd8ba9c553e3b508a1523ec9bf727480e019bd39d21a085f0b01c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd7c3effce65cf107fb6aaafa8a2cfb0
SHA1 a45854ee3bbcf1df8c67a8acdd9b7e6c11104003
SHA256 3c4c24d87279fa0d102019965af90c272d48c9d5e5bf7387b1c1bed75b6e4f39
SHA512 f545d082a0cb90711aa0008f64848a0a12a9ce7c4c5b5ab8e0162be591076f4fa30b22e8138b418b02f24790c40af7f4cf1f626695166465faf3f401ae90781e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 de7878cb6ec31742fdcdb7201f6ab4fe
SHA1 57db37c7addab1d7d4b178eed619c90e47941e57
SHA256 b19b16ff3ac4c78da5b95b45b17145c2cf8a4f154526b8f4b150f5428d7a0348
SHA512 78c9ceecf472ea128752b6f9c84b8395b8a199136ac087242bbdf4661436d9dc88ed373d632440fe6c9bbb93c4599f4fe1df2cd28760e854653455e9f1cfdf5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f39ec9068ab92b6b63fd94b9685f1139
SHA1 beb55a85d810426933fa7efbfed2a716666bee4d
SHA256 092ae6db0024c81f57b9a884520452ed281d526b0118be9e15bbd7e6fb91e8a7
SHA512 b55b6896b22433bf63613679f51427199ed23a8718f62444e7c28d1b6a5e7eb37034ae21f2a64cff5961e14678b1f27a7600691d5c1b99170aa1b4cc46410f98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a936f1c15219d91fbeddc7e897532d90
SHA1 e9397c0659cab609b23d6ae56e87e8d30915e56c
SHA256 c54cef8d48a52feff8ad517bce823f1f879520184a96de80a03db9f969a973bb
SHA512 a1f608d08e2b8833b0c05bfc698e395b583e6f151c80b986ac01d7d211f05359ca7b841a3d7fe8c6d54c635fea73481008b22972facf7470dc5c83d4f247b96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 833454ed1a1743ba164804f0ba2a763c
SHA1 6f2919a0690f13baa53dc1fffebc08984fe2c27a
SHA256 b3e2a61f33234f2580b3279739c3aa36d02e3601e4ee0d763c6ff4f4d82662f2
SHA512 439bb80afc1181c745a8b7aba2b9c3ce95533976373840981c27df1b904d5afb4fa804252545424c237c87b98a72a873016ed332b113fee8a7ba6ab2f7c939d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 071da47bb464789c06ca82aa1311ff89
SHA1 33b1bdb6b365ad83173c7b981c77cd91cd013a70
SHA256 e8bc357dcbdad016274ca8d8d913f778edb3f3b565d3097bd6b4147b3e8b9a64
SHA512 3faa28e6c253f67022787bc91131e4a49bb8265bb831b0b557bbfc4613002b89fdc2236fd06c7553bbafc710ab40286686426da4ef45e8a665622c8d8f6e7ffc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b48e4a9a5ddaeb5e3a7f15b5c005c836
SHA1 27ed83ca6a8ced3f2f00c1fe1118f7d43c714c89
SHA256 9c9a332560375a690d467f07d96448d630cfab12e109842c5a38952ff4e33a60
SHA512 86098eec6aae502804869565074348baf96e3f8c71169e9a830030be8e5cc645f65ee188609019bd8d4f6703e230b9e5879356987e59358ab4352da03528c562

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 189002f8f3ef55665c15f92d57609bea
SHA1 39c238ee43572416af4e6fa8b044450053bf4dba
SHA256 14063584787aeefe19ee6f2337b26a9096c94e47f7ad2f24f3991f3fdbb08b6a
SHA512 7932edaecdd8611485406f4143f2c42d7eba3a0228757def85511704ce1131a28bb31b65b61794e0d4308683c6767dc98f6cf878a3649a24701fdae47daa06c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b95f5038ea02d5cdc756c93f25cafb6
SHA1 0176d90521b714d53fe8a6e36e544c5327dd1eab
SHA256 e1b8d6590c2bf53e5f2e0500b4b00cbdf5cca6a131961836d38705b17e1b2e72
SHA512 4706c63e7482f58311a88c8aeafafc2fe33cee82b1ec89aa82b1785942287485d99cd0629f4853d6fa1e159c43b23119efd46118ee15189fd1c3b092765fc847

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591795.TMP

MD5 10402b3da664d30e5998fb17784ff5a2
SHA1 e8398d6452ab1ba637872d9857376497cc5ece22
SHA256 cdb462af83d4db9f55fc7ee1e00ccd4309b286f5fd4b5006ec754b8203e76aad
SHA512 d59e7406fd7e671499fd2f7586597b4dfc3208171ea4932db95f4c2680e391013ac32869b21281449e81c82d40f55d47211a142c5d3a5dd03756796d6a0daed0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ddbd330c3e08d3acdbc2ca9f41a20ed5
SHA1 bc6bd167577ff6ce9ed6e40be124cbe35781cc46
SHA256 b4905136538be307633f68398502cfcf37d04bc5737b70bb2744b1307880e59c
SHA512 db4981d0fa3bca7ebb5b3e196b65c3985487dcfd0417e00468e63c6ada63ff39cea67f9c3926b07d507231267a746d64c8ed7097d428a338daa61f9b236f728a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b875e26a594fed0d9f73eefb390f85d
SHA1 475eaaaabd55f0aa7f9bd2087ee89ac610b86037
SHA256 455256ec84f41d79155ad0c0d88bfdea32bf13240291232c4054887ec1b1224b
SHA512 ae8854a28c2c83cf9d8123eda8245c188911f13641dd44f71d05ad7604ff82f1eed2c702e1303ed7ce80b51620b1be5ffeef40345ea3e9ba2fae9832b65dfeab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 65de527771b7caa1808efff90e48c074
SHA1 530e00bd86e6fc3b21e992531f8b04d31a7ce600
SHA256 73e1aab09eda3c1e6179154f41763643fc7750ed3ccfc3e1b79c964813222da1
SHA512 125f7d32eee9b5dcab28359c9b79eb2a24fc3b1e5bcd2434e857ad024df0eb6cc8619fd7d8ec353b772cfc3c2da3d76d1533d3a5afac42dacec448a3afa8e102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f3455a79-9187-4456-a442-5c7e5172b43b\index-dir\the-real-index

MD5 dcd335e23364ee6de393b309af14788e
SHA1 3903232f82f2a3c31d16c624dd2f35f516add94d
SHA256 48754c1ea69940485197e86563bbaf5c4df9c60a157b16cc384c777df093298e
SHA512 cc6ed5dba2c1be9912dd94f4dab47658820c688e5c5a8d03c14220651fa8ae7b968d3dd6431d43a4325a8fe86f0261f496f0a48e03ac3c6e5cb84d228078eba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f3455a79-9187-4456-a442-5c7e5172b43b\index-dir\the-real-index

MD5 77c01e2c77fee31a41218361c38dbbc4
SHA1 6239497f32def0ba7783907b397fa8691ec180be
SHA256 26eca07aaaa3a43b14752fa5822fd6fc25f3dca35eb6280d79ea4c5465c46a63
SHA512 03af36e13741a4cf56d0ea1ffc24d8f5fa4a9366a86247d4cb8caf3e1aaa8758b6d6695cc1f9fee1137c3553d23691066c87294f2a8d8e329a32defd1a177b25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 fe36cecba207ae9173a1adba51ab1045
SHA1 2d16f98ff77aa9736e97544c9e05aa9ca4441142
SHA256 7161032724c807f5e948d06b8e628336ce8a316601abbbfbcab05aedf77460c1
SHA512 a05330170e3f5a5e5a272eca864ad3b71570c77007e53a123b75c02cf94a7d033c14b771203dfe77d1690c4af0b91305099cd3a8a8f75f04e5b52b56ca28f7cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dcd1440598585cc9dfeb399d87588bf3
SHA1 961af434bb00f7f0b128ee51a979ec21b2fd4374
SHA256 b6fb6bb3d9abb6b67f3d9ed195ae8affc8ba694e3853cf90a00bd9a3ebbfeec5
SHA512 a0965ec67f0e1d88700101df9997b6880996ce8584b69f89a443f36a5e78d4b52e7a4d3293ed43d666f19bb59b2f7b97cdbffb511e2c1c2143a822a363becaba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f03df7a119587fabf311efc999f69a8d
SHA1 27c76b4542079f821bb6149b681b043d2db4521a
SHA256 c7b9799aab2eb18ae14ca2ff574179f8d833f28332c65bebf902be4b63191693
SHA512 e4bf2551348b77453a6c23ebca64cab7da693a69a89c1db35f5c295517e2b3c5471a394d261e3dbb0d638d4cd4b6b281dc897b5409f82ab95e7fa7981110986e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 859afc999dcc8bde3bc5fa8bb218bf5a
SHA1 386e6dc288ec568fd4354246290ca61adeabd917
SHA256 0045c48f472287d00a888e8635a0775135966eaf0b104893e00f6de907efa629
SHA512 b34f2d135c00d0e656c420e12dbe99049b9a528314bb4a1d356a7caaa87ae15149837675566cf6fbe9942c29ec81badd30e81e0f7d859eabc88b7efa71efd9f8