Malware Analysis Report

2025-01-02 03:59

Sample ID 231214-bqvftscba8
Target 82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f
SHA256 82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f

Threat Level: Known bad

The file 82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Detect Lumma Stealer payload V4

Lumma Stealer

RisePro

PrivateLoader

Executes dropped EXE

Reads user/profile data of local email clients

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

Detected potential entity reuse from brand paypal.

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Enumerates system info in registry

outlook_office_path

outlook_win_path

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 01:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 01:21

Reported

2023-12-14 01:24

Platform

win10v2004-20231127-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2980 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe
PID 2980 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe
PID 2980 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe
PID 3528 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe
PID 3528 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe
PID 3528 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe
PID 4276 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5092 wrote to memory of 2588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5092 wrote to memory of 2588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2000 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2000 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe

"C:\Users\Admin\AppData\Local\Temp\82475e5696c880207bb8dad38b3a3c966ea1ba90c1aa65909c0f82e05ce8318f.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3574664183917871513,3844106463990323136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,3574664183917871513,3844106463990323136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9449863540818532941,10945065331229531791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9449863540818532941,10945065331229531791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8506056621818994297,18173776336505484854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8506056621818994297,18173776336505484854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1774772354257020878,5896688400034727552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8c41646f8,0x7ff8c4164708,0x7ff8c4164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 6492 -ip 6492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 1736

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7lF9dL26.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7lF9dL26.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5324 -ip 5324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7377252396924178971,12094366685910438157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 8.8.8.8:53 steamcommunity.com udp
IE 163.70.128.35:443 www.facebook.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 35.128.70.163.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 44.196.235.223:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 104.244.42.129:443 twitter.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 223.235.196.44.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 104.18.37.14:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 93.184.220.70:443 pbs.twimg.com tcp
GB 199.232.56.158:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 3.231.98.65:443 tracking.epicgames.com tcp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 91.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 65.98.231.3.in-addr.arpa udp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 104.21.18.224:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 8.8.8.8:53 play.google.com udp
US 172.67.161.55:80 ratefacilityframw.fun tcp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 224.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 55.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
GB 142.250.200.3:443 www.recaptcha.net udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.169.78:443 www.youtube.com udp
BE 64.233.166.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\iO5QJ91.exe

MD5 756020a9226b9fb11589cff57ce259c4
SHA1 4725e30f92215e8bdbfabb9c08b20dcc2268a97e
SHA256 4b01c78c7f6e8684eef4fbd09b7c4d4001582ae150a04dfd9068acb06b272d92
SHA512 3195efa431b24f7a16529bd0ca6276ad04d40dbeeb47b4fb7834426537e0870bf42d7d74bf0b2e5c0704d56d434b6eb0ed622589046e9023768c56b29dcc08c1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qx83qL5.exe

MD5 af4d3e065dd2a5bebd48c70d0bc028a8
SHA1 7f8ee8587b763c34e280ddb20f871e9de8e030f8
SHA256 29cb87f3d2e12b3af437df5740051055fc0fb3c1c5ff0afd32cadc9f568b63d7
SHA512 9a0fe04681c33a32f5c124da8cd70c85dd72f75b530666758ded76e9b59c1362a1d5b3572d7f0016f1b6f53aaf424a1e5380718dc85675a48d1b62387c7f09ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d94c59e136e2bc795637c1c05e315e35
SHA1 0ec32d5c51c34e9215b5390e7aa4add173310f01
SHA256 ad71bfe2069efebb4ca211ae6ec21473fc1b43dd3269b8523c5b67da6edcb41f
SHA512 57a5c50bd9e87b20200ecbd18ed2bd7712a46fcb9f5ce3d3aecdb768bcfa52d5025f9fd40523015414aeac3e8c94c9ab1caa6ae006dc4e9e7ab58c92607ffd6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 890585f0e978711e84e103f4e737e1b8
SHA1 12b9a7b4a1a016c8a0d4458f389135ed23574e27
SHA256 c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092
SHA512 246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

\??\pipe\LOCAL\crashpad_412_XAIUUACNWRVHWWHW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b1ea59fd42bc52d7185535f7a2c980f
SHA1 b439fcf6d81eca7d8c8f54937a925be660969fc9
SHA256 f1651842a173f066eb9a9ea3a5a01e87aa6a3edfe62f4526b45bbb760ba9db99
SHA512 ba4867fd2a246f5ebfbcd27d351fc55605bb2b9264d4e8cd21aa1eeaa7345505d99c8940cb7972910251bc2a03e3adc5dbf241e08f934804937514f12628e9d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6dea2e3ecc566eda9564bdca074056a4
SHA1 7d2e7e34b5e039753115e47cdaff9dc69850ad3a
SHA256 d45a8d7811527f0c6897bf1a7c938af3cc456224a0298e2bb9fcca1017f86b61
SHA512 56995faaf25a44d4f62a407572931f49adb5dce82404aeb7d3d361488f4ab23b32a3e0d8c6620e38748f7b064eed5c8b2a1b04b50e47a980efb41464dec82ef6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bdaa880e202420a624785b34c0531dae
SHA1 8eafbe5a886d2f2024ff75a5f3a1ab9fb159c001
SHA256 59dd007a5edeb9515c3cce0b8160ea6afefe7d2140714c3e813a41f42a66a27c
SHA512 f4e1a8037f8b98ed2cb7dc9b5ae5df43ae165612bfc7e5664701c99acda848560f9a61cff8d25ece266085cd04596ffb317109682090b07055161ab68c1421e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b370b75b5077fbf08b8203a908cdda64
SHA1 6c6d3bbdf8cfc25c0ab7188722e1e2b1b73f509c
SHA256 dde37549cd731fd00a44fc41598d2df07ba0a19bd2d3f2312837da4090aa44c2
SHA512 3d4281ae762398f5a78d2bf5713a4473280eaf9b9e8a4ee2b219631f51229cc683504a6c70f867ab54f5bebf2189fd8aaa655447cc3a5b9d0372311ae9444524

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wM1286.exe

MD5 4b5a2b8dfb314ba44b8927c176171ddb
SHA1 140989d751dc249666dbf616944896fd944c7ce2
SHA256 9ef4b350fff30d3bce77d8883a10258918886b6b282f15ba30e46b941cc87a65
SHA512 93dd01260a4e221ba74fc466af34195e9105296aca6a72d8e1892e5b9b063025176a0e27bc12b864554fd855e136fc04884ee283f0bcb03c9a2365f5a8e44b37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 383d321d55dcf0ee5fd660bf357f97f9
SHA1 9356a304b7204dc72c7b51f0236a28a0cbf7b691
SHA256 8637e804b8a20ba06ee8702952d333701b67315679fafa599632ccd137c353c2
SHA512 e75be2379241471774444a85d9ab50d8b78bd2a67fd95830b2c78db44d14e9360cd92a2ed1280101fbc4a3333ded53f18fdc63d3454a67191b62f48272ebe422

C:\Users\Admin\AppData\Local\Temp\posterBoxmXxNxAIHYhnv3\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxmXxNxAIHYhnv3\QdX9ITDLyCRBWeb Data

MD5 250f6cee6a8be4a85cd0d78b8f9ac854
SHA1 48a5be711abe88c0efb7204f6c792e67a99d390a
SHA256 21e090219937792f360789c94785cf969cf22fb9e2ae145dec419dc4beab1321
SHA512 4685c2cbc34566879e5c494f1433996ce9541e048a87036876d0ec426a02a13af6ed606575306522def4dd19a3fcc34b95335f492b21960b28e8f12be82a35b7

C:\Users\Admin\AppData\Local\Temp\grandUIAmXxNxAIHYhnv3\information.txt

MD5 aab6b4c0c9b801fb09e73a3be12bde9d
SHA1 01eb152a46813cd70d3e5ef05531751c5cfbeeaf
SHA256 62020c9ead99f17dee99e4b5a0f2e9a5ebc120365d358ee05885d665f83816a8
SHA512 d93a8495cce324c5a9786c814970685047c33e6b6e75dcdd53bb1fea01e24d12221bc132c28987526c2e71c20f3afe37bca9b8abb642f839b455f1ba789bac09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c115a87e73cae197d6b00b376ce7ac77
SHA1 02e44542282cae86791562b73531af5bf9010efb
SHA256 21d77a29271748085568a991ed1fe153ecb3c5c3f0ead14d54b45c8f94ea8f09
SHA512 54666780ffd8a529e255d5e1b337c1933057f2309e4ebf24622dcd14d1935666380e8258d2a7c91501b3232a532f9c0524fa9290124f64b70f86e1b471031314

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5915ac367e89a9f5ca57b026538a7c1f
SHA1 ae93f1ca4894bb026f0bf8c48078d5f305e9278a
SHA256 6e04797f26b509448502e797020978eb4897d47a6dd54834a6a2b775a884c9b5
SHA512 bdfe69a4de0a752c28f24336cbeb748f65f373f497de12278e32e54b0fcb412ff0521032b16ddde46cc8f4e79cdd9a8081fe6fca0a52547c57cb68a2d8b86a43

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7lF9dL26.exe

MD5 700a9938d0fcff91df12cbefe7435c88
SHA1 f1f661f00b19007a5355a982677761e5cf14a2c4
SHA256 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
SHA512 7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 a553ed37741112dae933596a86226276
SHA1 74ab5b15036f657a40a159863fa901421e36d4fa
SHA256 ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87
SHA512 25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

memory/5324-349-0x0000000000B00000-0x0000000000C00000-memory.dmp

memory/5324-350-0x00000000024E0000-0x000000000255C000-memory.dmp

memory/5324-351-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/5324-409-0x0000000000400000-0x0000000000892000-memory.dmp

memory/5324-412-0x00000000024E0000-0x000000000255C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c892f38758098867d501f5d4f229315a
SHA1 a337f1aa49b5d37575db5fb08ac15f6ec1b39989
SHA256 33c6b0254f7a52a00350dc2bd193e6ac36c1f539c28772329bc18d2dea642352
SHA512 1cb3a2fc0bdbbaa22ea51f51e58e055eb1e61c3de0471caae759aa04f117fa31338e0d0723fe240eab3ca77cdb27423d93c604bd13f10adb1cf395244093ef2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804dd.TMP

MD5 bf6245c3e82e455515bf1b837645fe99
SHA1 d9a308f2ab71877bade31f570c54d7c9dc80312c
SHA256 0d2f41570e4ee7540236272993ac2f3fdf94f15cb79443b0c1860d1af03bd85c
SHA512 9b17749fe15e77a8efabca4a7abfe5a31103f83b224c482bfe39e8e2d465725ce3e79812660fe3c9b2e1ac3b7da694434b42eec536891aed46d2ea08647bafe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb920282a8dcf1856d8c15a0f786754d
SHA1 bfb4041dd3735cb1e7d033a0654bb34704b2db80
SHA256 59f8b62a5798f00b8f21b18747ed90b4acfd36f67a54892d04138f6f888f9197
SHA512 09ee8272fd1a359eb38cd335a84612b758a622d717aa95d1545a40253c520d45f3e6c08f28d255081b00d58bd39340033a13f299784121139af9f9dfdd9b1796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 398fa7c9a7a1b36dea9e8087ca95ca6a
SHA1 1cf2289683c6faf5bf64037b0c54a7e4124810a6
SHA256 1b7a9c9f3f160b70185071be19088d63f72421ed7171bbc4890086db059bd25d
SHA512 e45fa7a94adcc927f200e9909256519d1859cdf4a9208c240789e159ed93a0ee0a7bc394a6665bbbff77b70a09d72847edd548f419d685061e904c0f94828cf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 ceaf4ab95ad5fdf87b43a29b8b43a663
SHA1 d0f086c0b649fe06c50085b636241a352d72d18a
SHA256 9ff315b6f7ed186f58887e27ea5c4b50dbc2e4a71df0004593ab1b24f5f2e3d5
SHA512 facbf517fe93f7f33148c354b488135efb0cadec3df43c54d50ca37b89ac83d1503adc93acdcd9fe6384c1fa8783d1f40a15af3157e27d8428e48096e247cf92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b71aa86d17170f460d3609bae9c90c3d
SHA1 4024a9598d1eb7dbd38e96f5c9d3c4769fec94a5
SHA256 7467e0b7190c888ba275a5d77228c5364b29a83984bc789ac5820599fc316787
SHA512 6e7b6148eada8b24a0e1c0a99c78ca67413ca18fdf2c05dc5158f41d1091c99772dabd657d557ea50dec8697cde12e70941bdf8361d5629493e3b5f5e3243e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4b34f237f815cd0e65858f10a518c171
SHA1 047621edfda80d5a5180c56f30c69c96b82b25bd
SHA256 8e865e5d334736ba496af3922a5fdc77d75500e727cace2b6cb7afe2e73a9bad
SHA512 8695621b76c7f555f3bc2f440fd4cba68b660ddbcda6ed90b3a6766c9455137165959952fabbfce006a2cc376228c0f69ac5afcc5587af537d620aa1fee5207c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d6559f807d94b201fc515c6299b85fe2
SHA1 1d8174d5a2fd817f3b4be086697fcdddc3bbeec0
SHA256 5aa99329faca5452f95e7f68287d733b76c74affbc0e57a5f4c95498e06e2e84
SHA512 eec49784e308a4c52234e90012e992ed46266d312b1dd3e06c253d324fd648a29d8d5b708f161ccf2feb7365175f091545d7cff6760b0a1f55570121fb70725c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11dcf3052db9040acfb9b21b0570d718
SHA1 7e171e7355c0632a8616858dbaaade3b3de8ec31
SHA256 ca66cbfa4fb7df77b2e688db8c9ec3f976a6c40c4b04c1432e15ba153e5a6685
SHA512 6fb45fe299335629639b2bf86050a74947207a1999dba3078c314e171e12fa4f7225df03b3803e7bdac0d2589cd071b417d378844d74f32689db8358ed7440a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 45f919e99c3b2b2573172d075a533c41
SHA1 add60fc6272217df72485e5f9f63218cfcaa643a
SHA256 500e7f02f0136bcb5ea6527e8dc344241c4eebd400eefc1f665e472565635df7
SHA512 b82952b1fb1c9ff2c67c097247621d205c12c74d36723ed909f6a4a751ba017159a5af165d6ccb500a009a437b2fab5102c5bdcbdfca154cc18b17e9943bdb11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eda85ea1a6bf6fdffa70a6fa9e45f21d
SHA1 e72021f0982386edaa45cc6adca711c149680b4b
SHA256 bdb2319ef9de7fd466b896f254a6946a653ab1425a2ae39ecbff996a908e2373
SHA512 aa4f15445b9ff74e3a93f78d84ac108b1c98085e0d4331756281e91a9478ccf35b6d3656a23ee2092548dc5a19d7b83a77fe5e888563dd793f472113d7bdf122

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca532595ffcbc23aad0ba2aad39db992
SHA1 8b8e842c528b1b391e2f0b575662ae3627c27c67
SHA256 86fb382cceb83010b36fe35ad6bb4a3f93c3bd2a917006948eb37feae15ea257
SHA512 f318a6831306c3e1e0736cc6fd77fa914e79abf910fc97407df58daea13318fc8a1fb7691b9daa802aab2c2b8ffc925b7285e9b6ffa78baccb8e353d8b3c8efc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b541.TMP

MD5 45485407d575bd719958d0382fe941b7
SHA1 5b31db8ef4fd93acb056c7956879b07768a0e413
SHA256 1f5db1301372074ea573944b02918be60663e31c442e7f06e554f048cda26c83
SHA512 b397b600a0b0b289eadf8045dea3b215468d1894e0f71eb07504e5aab890c9fa070b77ca1a8443d99eaa417aa1b87c8ac91f6831d1d2d23270fcd458f060f5e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f0752afa469bf9f96cdc96267e6ebcc1
SHA1 afcbe6f454aa6c31b111c0e06cf08ae826193fbb
SHA256 cae400663c09b1301d3fa7674c400e8e7c7475d1e587db34fe1c40a7a6992f28
SHA512 6775e61b023ad3f350620cd68778c0ac0dcf8db27d79bfcbec4b0c38b1030e30d9843606db42459e014e6a7a7615bbb18e4e764c15caa192940200b32c7bf4cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bb022d9de04f5ab335d999142c30ead1
SHA1 45a9c7e47e1deb3e8e231797f0dfd76bf587f9b3
SHA256 89708860aec90a7ab10bc1e4711fb6c9983471e686e49b5dda9c195605a19c34
SHA512 86b6bf1cd0b84d5c959563ca62ba80902c1929314eaf63b6d96c1ad0795547e9d39f679cdf32c84bc4a364efd52ca906dda5d50a96fe8f3fdcd912af4472e4ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d6dba7630797c965704b00cc435282bc
SHA1 d7b95153d8efd7b155a412ccec44061de338ceec
SHA256 19f313c0481bf1e62a77d1e1a461d0549bdf147b32a596080ecc1801ae263fd3
SHA512 d9080208225e21995963b4627556ee8824cdc67f212dcf69da44b91f00b584c0d1f546fbc8ec04563ed39506094c6029be3770871e102f75518d0081c9af7751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a8f02bd3a0d32b3edcc2edbc12a802bc
SHA1 545e03886fe964136c32146551273c930fb14f77
SHA256 ab00eccb3633c2beadb06b9adc10ba81af3b29cd7d93703062b63eb5c7a87eab
SHA512 50c9823e319a1339bdea9d29658454d26852309d6cf43d5227f2848ff956293111f608065a9e5f6fc4aefe03107e1110fa5555c56433c9c6e69b19f9647714ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae79a47-f3bd-49ea-817f-ece5b4cd17d0\index-dir\the-real-index~RFe5914d6.TMP

MD5 64fd3f254a5b28a16b2b5bb6044849ce
SHA1 eaab38db4095c90e2dc75ca1e3c1e8628472087a
SHA256 8e99d73ae7d046886d962d99d6c017b18a9925c577089ec5f70797bf97e0662c
SHA512 32bdfb022f06e53d1098c9252b03859bcb193c1d9fdf8b18cbac78b33cb30e7e7adcb9d18aa4ec7ad214f254a3c73dd9417d3fd67d2d3dd5f389a287ec66d25c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae79a47-f3bd-49ea-817f-ece5b4cd17d0\index-dir\the-real-index

MD5 7b3d7d4bfb34a4ad9c6c21b96741cf47
SHA1 ca4bbaf7205f6bfe8678f93792cd48b210d4a4a2
SHA256 31d33602099bdb84d84b5b6a178b27459ab8621da2b3388be1421c3e7a751bf1
SHA512 cd51a513ffcb8042dadbc0805c508398f3c564dea98537a58e9406c30707e6e291f4f6d9e5e035a8114b8b8beaaf110afdb2c2d63cd703edd0099e024d49b057

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e761173d8d366a1a08b6f79507d01737
SHA1 d372bae6c4636792811252d8cf9d598c7f2a0e56
SHA256 47294c7033a36fd3c40f47fd3a03ed3308d995eab6c2c3a43284ae1f03db6d14
SHA512 ab25b8304e161479151a1719026fe338e56011ac9ee4eeaf037c669bc636c5e75316b011b22df5af7577af5dadf2c8429c0d54d230f09dad3f942d11c78f35e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9825c3a68dad2a333386ef3f44020e68
SHA1 1949e69983086085810edb8e6c17fb45a084ffdb
SHA256 d1b1852d2060558ee9d9ed7ad47cecc73c85f7f74358f751a70347bf35632464
SHA512 c3e6fc0cbe23b1b92e193f7f6b72079e0da4038277c9dfdf792e958bdb1de9da47505c7a0c56796727f3740637bca4555eac6dd642c038c14badebb75ebdc31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 68ba0afa48e103b0614a345b03796f5b
SHA1 f2efad844f2e033b3957c8d5576a6dbfddc48bb2
SHA256 988445d68d142d45251d0800b52cf04b2506e258d20460cf66068e38b72fae12
SHA512 f09a8369f2b7654c5cdcc911a1d9f126b134b230541d9c839f6a549026653e5bd1b9ac44f641a7756451375a9a900216aa2918fbdb75f5be1ce08e4a627cdb82