Malware Analysis Report

2025-01-02 04:02

Sample ID 231214-egz7hacfg5
Target abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e
SHA256 abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e was found to be: Known bad.

Malicious Activity Summary

Detect Lumma Stealer payload V4

Lumma Stealer

PrivateLoader

RisePro

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Drops startup file

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Detected potential entity reuse from brand paypal.

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Program crash

Creates scheduled task(s)

outlook_win_path

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

outlook_office_path

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Analysis: static1

Detonation Overview

Reported

2023-12-14 03:55

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 03:55

Reported

2023-12-14 03:58

Platform

win10v2004-20231127-en

Max time kernel

148s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e.exe"

Signatures

Detect Lumma Stealer payload V4

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 460 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe
PID 3620 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe
PID 4032 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4728 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3892 wrote to memory of 3584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4148 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1504 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4032 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1744 wrote to memory of 1576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4728 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e.exe

"C:\Users\Admin\AppData\Local\Temp\abc42d7ca736a26313744d7e099279159f448255ca051113a8b23ec4d751e39e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,708660551142909593,15385373000613615833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,708660551142909593,15385373000613615833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12727202382882174195,145551117706759867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12727202382882174195,145551117706759867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x8c,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7108953444422475401,11530548283568962187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,14971568911988853508,17303473342692455133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb2f9c46f8,0x7ffb2f9c4708,0x7ffb2f9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Xl0990.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 7164 -ip 7164

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 1752

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dy9DY52.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dy9DY52.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7940 -ip 7940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2875473306172271390,5766674587806087947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 82.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
BE 64.233.166.84:443 accounts.google.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 44.196.235.223:443 www.epicgames.com tcp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 223.235.196.44.in-addr.arpa udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
GB 142.250.200.4:443 www.google.com tcp
US 3.221.38.39:443 tracking.epicgames.com tcp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 102.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 39.38.221.3.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 172.64.150.242:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 pbs.twimg.com udp
GB 199.232.56.158:443 video.twimg.com tcp
US 104.244.42.69:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 158.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 8.8.8.8:53 www.recaptcha.net udp
US 104.21.24.252:80 soupinterestoe.fun tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 172.67.161.55:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 play.google.com udp
FR 216.58.204.78:443 play.google.com tcp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
GB 172.217.16.227:443 www.recaptcha.net udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 55.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-q4flrnel.googlevideo.com udp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 8.8.8.8:53 233.165.85.209.in-addr.arpa udp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.233:443 rr4---sn-q4flrnel.googlevideo.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gq2vB35.exe

MD5 319ab7dae7320d92096841e9fe136a37
SHA1 91594a605a23fcc0263ba846fe4734396dd2d0a7
SHA256 33bd1ca44039337d8725c73a5b00d3bf421a7dec764ae8a23b35f1a9405f7c39
SHA512 f061d0b608794c716ccb5e42aa160a231df9fa56ee01b295e1df4db1a069c90e3050a2a047dfac5444ac1c8800b27d7eb2bc3b60dbfa5d59936bb2891936fc8a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1kV46Pa9.exe

MD5 6ee7d1fc15964d73a04f583086ef5e3d
SHA1 7681a4cdc6ad47d88d65ad97ddc278dffbe296d2
SHA256 a8e78ddaefd86420bdd03cbeb0271390b03cb4bed7eee657f4bd98096039f17c
SHA512 367c5752c3187490a1a3883ee6065884453b3857b1aa7ad5b843db1ad62223a7ea0d0c475b239ce8dfa5cfb98b63a8cd44f963b07687548c1de8bd2c8874f6c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fcd8bb32c04fa99657007efde87bbbc2
SHA1 ce575cef42840e731c9834e27efa02efa0c57a6b
SHA256 2e3fecfa2023e8f7b14c40277a60b0c781659ae240a32ae2521f7fa0f000744f
SHA512 b87bece2e0850f523206684c555cf80b348f794d51e8e0f7cf9c0ef054fc103885145acde9698dc363e8162aeaa4495a180825836e3fb92d4a3220f3359f57c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e5c27b4a4d5a3c9c60ba18cb867266e3
SHA1 dea55f1d4cdc831f943f4e56f4f8e9a926777600
SHA256 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9
SHA512 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b

\??\pipe\LOCAL\crashpad_4728_BMPCSQSHSCETWTFQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 077c9d62acc18685f7000b41bfe471c2
SHA1 f2d4f99ae29679278790d99dec8bed7775c7610a
SHA256 bda495e681b6f0bd3ee75fd6e1e8dc4eb0565cfcb12e795c251d2505be08324b
SHA512 8a589ecdb5d71054a4b5de88d9cfc9675ea61abf83074b4942f17d6114f0aeb5436b935e79ba4d452b8ac7ae06079c532014aeb431af5cb0d1e269704c4ad26d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe89d58520294bd84074a848ab6eb163
SHA1 37cd51a6c088c4ad641383f7b7148846e61aa122
SHA256 485d278ed22aa58e7c0eb892ecd0e9652f2b9f618cff9fe42b68974b8921de54
SHA512 145ddef262aa252e654a1f36a31c8877bb18f68d602b4114e97a4ebf28b6c500d21e20ba933076e1dc7b0cfb98c093ed3272a060f9e44a73b519cc45f7c7977f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b851b3b35af9af1e2094fce999e6d773
SHA1 a6ad9f7c2a88ae295b634406fd5bb1cfdfae06d6
SHA256 5d32257fcc9de930783e813b2c28a70bd155212c27d77b03b5829fa1bdd0b106
SHA512 674d72a3e434df743cbcc0c7552e291e1e7f96eb27fa663c5c77d249711504d8c97cd8563ea8f1c7d80ec4c21f26ad2e131ed7cf4eb1d582c5ee4537568d11e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50f5ea3c3a60d355d493cbe6011af540
SHA1 8392c0c295591e60553099a3688280a42bb264b2
SHA256 d76199013e7563a394c403091166224e96a25a9423518b88e7ec13006f125210
SHA512 61f1cebf788fbb06384ca78a8e43e06d12b372ffb3fed97ce7a2294b9de8541fb6d23fb0fa783f8030a003bef6fca501c0e93969b1405ecd21960a16ede2e088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e15c26b17df518c20b6b3f3fef50740
SHA1 4b08c3ebf1ab419b37e136977dbca5cfe52d8c13