Analysis Overview
SHA256
b13c0fe9d2e32139012acd2be7aa374d5b7199fff0a8862399c5d52ee16db388
Threat Level: Known bad
The file b13c0fe9d2e32139012acd2be7aa374d5b7199fff0a8862399c5d52ee16db388 was found to be: Known bad.
Malicious Activity Summary
RisePro
PrivateLoader
Detect Lumma Stealer payload V4
Lumma Stealer
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Executes dropped EXE
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
Looks up external IP address via web service
AutoIT Executable
Drops file in System32 directory
Detected potential entity reuse from brand paypal.
Program crash
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
outlook_office_path
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
outlook_win_path
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 03:03
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 03:03
Reported
2023-12-14 03:05
Platform
win10v2004-20231130-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Detect Lumma Stealer payload V4
Lumma Stealer
PrivateLoader
RisePro
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Qh5EB73.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1GV37mn6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7CG7BL23.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\b13c0fe9d2e32139012acd2be7aa374d5b7199fff0a8862399c5d52ee16db388.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Qh5EB73.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7CG7BL23.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b13c0fe9d2e32139012acd2be7aa374d5b7199fff0a8862399c5d52ee16db388.exe
"C:\Users\Admin\AppData\Local\Temp\b13c0fe9d2e32139012acd2be7aa374d5b7199fff0a8862399c5d52ee16db388.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Qh5EB73.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Qh5EB73.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1GV37mn6.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1GV37mn6.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2SJ1732.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6768 -ip 6768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 1720
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7CG7BL23.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7CG7BL23.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5052 -ip 5052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 1008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,15905706258556643178,13908509231433280620,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15905706258556643178,13908509231433280620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15905706258556643178,13908509231433280620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6764 /prefetch:2
Network
Files