Malware Analysis Report

2025-01-02 03:56

Sample ID 231214-eptdxscgd7
Target 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
SHA256 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f

Threat Level: Known bad

The file 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Lumma Stealer

RisePro

PrivateLoader

Detect Lumma Stealer payload V4

Reads user/profile data of web browsers

Drops startup file

Reads user/profile data of local email clients

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

Enumerates physical storage devices

Program crash

Unsigned PE

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

outlook_win_path

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

outlook_office_path

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 04:07

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 04:07

Reported

2023-12-14 04:10

Platform

win10v2004-20231127-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe"

Signatures

Detect Lumma Stealer payload V4

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (3 hits)

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe | N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ipinfo.io | N/A | N/A (2 hits)

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

Creates scheduled task(s)

persistence
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A (2 hits)

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (14 hits)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A (2 hits)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A (2 hits)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (4 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (20 hits)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | N/A (5 hits)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (25 hits)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | N/A (3 hits)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | N/A (5 hits)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (24 hits)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | N/A (3 hits)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1492 wrote to memory of 4104 | N/A | C:\Users\Admin\AppData\Local\Temp\60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe (3 hits)
PID 4104 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe (3 hits)
PID 2140 wrote to memory of 4568 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 2104 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4568 wrote to memory of 4504 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2104 wrote to memory of 3908 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 4056 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4056 wrote to memory of 3560 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 3816 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1472 wrote to memory of 2120 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 3816 wrote to memory of 1456 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 4844 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4844 wrote to memory of 3852 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 2140 wrote to memory of 4880 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4568 wrote to memory of 5016 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (32 hits)

outlook_office_path

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

outlook_win_path

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe

"C:\Users\Admin\AppData\Local\Temp\60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0xa8,0x16c,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12455356932532870844,10993248919999755564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12455356932532870844,10993248919999755564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2008136519522947143,18408897775492291299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2286493815797829672,16734126400916361012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16325151665332552723,5221969136070465195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2286493815797829672,16734126400916361012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2008136519522947143,18408897775492291299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,11936102491723343403,2769033023471171995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x144,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8376e46f8,0x7ff8376e4708,0x7ff8376e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7076 -ip 7076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 1356

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7UD8za09.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7UD8za09.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4712 -ip 4712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3597429181263039559,16353965359849510293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5824 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.193:443 twitter.com tcp
US 52.203.174.160:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 160.174.203.52.in-addr.arpa udp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
US 92.123.241.50:443 store.steampowered.com tcp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 172.64.150.242:443 api.x.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 192.229.220.133:443 video.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 3.231.98.65:443 tracking.epicgames.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
GB 13.224.81.67:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.67:443 static-assets-prod.unrealengine.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 65.98.231.3.in-addr.arpa udp
US 8.8.8.8:53 67.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 104.21.74.182:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.204.78:443 play.google.com tcp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 182.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 c.paypal.com udp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
GB 172.217.16.227:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
GB 13.224.81.67:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
BE 64.233.166.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fY3Gi08.exe

MD5 2ab583d949a824f47efb06d7b2ffcba8
SHA1 6687dfdd9ba35a8fb0511bba8eacc3157afd5d76
SHA256 577cee757cfa28be6a070096a7e5d21575f1f8ed84b4710d7f0ac284ee6186b9
SHA512 363c465c4652aadf2f96c9aecbce4435ade877c42c1cc77e2b0ce0b56858c109777fdacbcb7d0a3b9ae87e014a032d81320bafddb6b80d3f977d9adb7d376012

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Fe96AQ6.exe

MD5 498abe96cdb51b6df6eb9fbcf4157c4c
SHA1 b875168f1e8ccdd5c75d0614d5a6be176c60ef54
SHA256 39fee7f6b9cf1e79e244db964d532a688b8bbb9d5d5fe798c4c74d41efe24268
SHA512 39ac92b32111949f0f3c796cba64a7d6a54e016ca324e3efb00e30c9a2314781e54ba242c154ad0c2f489279bf500841310f33c8fb5d05feeb880f3c768a6eb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 001e6accd2295500f29c5aa029f13b83
SHA1 ab18a2236828927b4c0927fe97991f395f587b9b
SHA256 488b5425924289b246663eb3e7820375e20335c948e1116c5e06a46ab6306df9
SHA512 295630689f1e63fa6d9f32dcbf54df669d87570deb0cb12b7b2f804a02a54fc5c9a8b94da3addbe0398da019816084ffd6639a9430e868500a5361c9c2eaca95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9757335dca53b623d3211674e1e5c0e3
SHA1 d66177f71ab5ed83fefece6042269b5b7cd06e72
SHA256 02f0348e2af36f2955efda1613dc6480f1c68c8e55f19590b7b58e9355c6a940
SHA512 f13351398f5dd5b6cf638b174dc50ddc782b690c6d4736d48941923a3425b5dff4a9aa0da22773e9abc9559d40f020f268018db902e0a7772b7b1f4d21126f21

\??\pipe\LOCAL\crashpad_4056_VKWHRSQWKSTYJLWR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b05a145ea3208e36f802d12e4dbc510
SHA1 27effe652016a720fe45f613b32fc4284ab1fb40
SHA256 11a79f99ecd777570f3623907820dee9f735f261c4437367f50cc376637c1892
SHA512 57d06060cde3fb890eba81e6835b8e93ef59c46e6aa56f876dba005ac9a3f95598e4a624ec43d320c3be20422a55685ff842637611319fca940d3ddbcb7629c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c51da0bf294ca8df8429afed2c2240e
SHA1 ca551cfcfd5532b28762acf80bb3f6ff597e26ae
SHA256 9a7746fcee7ca2fff2fa8b48d31df2662fbff6fe4137922d8d0b11da5a8ed63c
SHA512 2a433ac87f3579d0e881ead3e22a16352fbe44d9d75c4432f5a6b205b1bcb8db951a72ddf4c419bba0ecfab0fe6e2111cbb372f018799ce0217b4411d9f99964

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 38e4a65e954f577bdad69881d3fe6f2f
SHA1 a596610180e96701826ed7fafe378ac65843feec
SHA256 c19cdddcf8be81467c981a5bf8c25ddc9e0d87595c7c51920578c6e51edd28e2
SHA512 13884dd9e61e50add514ea8a479f2460c0f1914f2ab47f931d35c99813043a7e7b61240ad46f9322480d1082f6cb0645a61d3900d92332afefdaa44a9fb3cbd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8021e5a23a72a91b5bff513e91874ed7
SHA1 c1393e5cb648863ac4a52ded3d9fc84a1937e8b8
SHA256 ab5d944ff168f091af22e3ee639b3bfa7aea59813d781370796961edfc6cacd6
SHA512 c5f4d08d3aa2a72c8880be9a7339bcac5c845dc8292828b7c691b0c83f67430442d78d69e04bea2b2db762a9e35a6f4ec8afd275d7ea21a3b36fef77a9b4830f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 062eb242d2437db2dc12e49af2a30edb
SHA1 895d2ad9171807ca807ff0cb2bdcbb5937e42ef2
SHA256 b629b7322e944aaf1a95c0c60a4919b2e6f88bf94a27a8781518b07cc8676f41
SHA512 695eab636ab8dff8238781a41d9e40377fddac999407ebe052a84e611efb1957f4d24eac95b73ec4a0296afd9e8744e2fe04e54741c6ab07b217699830498f85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8aec920b98648538671e8da28d2595e
SHA1 b0e9ae45b0f7c12036879389575635130b92f329
SHA256 02eedc67f7eaa298a9c358df065caad881ddebf040cdcb91bbef770aa1a54921
SHA512 b99903ad3bb91622787d5de29abe28ab254c89bcf3b1fb582a9589fe4255b30f53087d0bab17a47d7233f1fdb066a3dbbe72b798d4298260fef7281febe660c1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2wW7978.exe

MD5 ef5c1ec128ac1822358d9281dcf3b710
SHA1 e0c8a7594d258b02e691f0bf85a289490ee4c110
SHA256 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9
SHA512 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e

C:\Users\Admin\AppData\Local\Temp\posterBoxrwR6EeSX4Ga0z\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxrwR6EeSX4Ga0z\QdX9ITDLyCRBWeb Data

MD5 ce7f99b32cf0d8473697dfcf8fdcc1d7
SHA1 001451a4f514f593a55bcf2c50a3a22a926a7231
SHA256 8a57ebc2f09a2c28da6e9bfd41e48953d06c99dddc7103df08fefe90d446d350
SHA512 20be27aec29b8666654a8ff2ec43738e2727073611fa085a26c672f36c04e42b0688b1c146b23c3d188a2f9a5483b9a057064ae7a293064caba2dbd55bf81767

C:\Users\Admin\AppData\Local\Temp\grandUIArwR6EeSX4Ga0z\information.txt

MD5 6c7ecd1abc5d7d562887c14a78426041
SHA1 65ac63600fba116e27c2f5eaae56f4761890b494
SHA256 387831d214e5660c1ff3de018d02e020e819d2000d6062302d3f091f25c4b250
SHA512 8f6009dbe60ce299c8782850d061807a337966047ca949dabfba391d24e061854652a8d7e65007258a7bd6ba95d57080c7a71ba99df1fd2644a483f6013a4320

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da45d70ac777083adea21b0167cf1d6b
SHA1 27c3846bedadb477fd3f7dddd4fa94a05bed1dce
SHA256 844ab55fb732d5f93181a19d58296ec17c8c08bb1a154395649aff8d72082e7c
SHA512 f982979efb7577e594ee3e73a9e8a5ad2c762ba47f121d2579c21fcfdf4020c4ee9182ab80678261c87b609cb8ed65748b15c25d5a8787a6b739287bc7b3d65a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6862fb9f6cfcab2643ec67653093a052
SHA1 5998c549192a358cb116366ced134ce2dcea27cf
SHA256 dc7e405420651a0afbb87529bd74449ba0c2fae0850c8a84c98038ea69f7d7ec
SHA512 727dee5f56b7c81211a3737c81ae3191938da2c064bc600ed3bb5f85972cfc520b4fc33c26edec6f215ba475944da6205cc1a067b8e4243b69cda7cd71d69f06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 c0499655f74785ff5fb5b5abf5b2f488
SHA1 334f08bdb5d7564d1b11e543a2d431bd05b8bdd1
SHA256 6aa332a4d21802b2dbcd08e153764da60f538ceb0daaaaf7504ba8f67c08ef03
SHA512 5f0cec6dd823f2b3ac62017383dbbf71ed38893724312ec75e73fb197e0bcd5418bb70fdfe9150f5ca495d5f8547d8a08618bdacb5010514a3cb1101437d698e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7UD8za09.exe

MD5 700a9938d0fcff91df12cbefe7435c88
SHA1 f1f661f00b19007a5355a982677761e5cf14a2c4
SHA256 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
SHA512 7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7UD8za09.exe

MD5 6b97ac66e2705d9016f5505c030162fd
SHA1 7aa01cf7abbb679f7dd3a1c9ef3b09a81bfa7d97
SHA256 2997a8f385eb35c36625c5715c23f4af0823c7f13f431cedfbba3397b26add7a
SHA512 f6f6a072a4439e242814f77a9c6c00032c2113e8ebda13d6fc5cc85374979603342e6998a0f45f0d9c200c53bdb6b1f12db40ba8d68b52c4acc335b9635b2fb7

memory/4712-487-0x0000000000B70000-0x0000000000C70000-memory.dmp

memory/4712-488-0x0000000002530000-0x00000000025AC000-memory.dmp

memory/4712-489-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/4712-524-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d130c8fc54a60c635c0fff60670bc4a5
SHA1 5baa96d1c76d128b8e37d5a5ea972f774f2a2f63
SHA256 49770061929d7f7d493250c9618a6a14ccc7fa155238bf9ac1f9e017de1ae883
SHA512 44b882b17512c90851dc2f1576295d60973f3089751ca7c8f865a610a9e4a08c7a7332612446e29d5dc4f2d8f01a4d9073b0654eb8f994dea73681f2b8d9f77c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd6f.TMP

MD5 d0b805ceac96361b16b2652daa78cabd
SHA1 f85474c7f44ec98cf937b88bdf8d0b2b12d59f7c
SHA256 96a186898590f62fbae48a714edb6b95509f6f7c22e29385b412611d43a20d47
SHA512 1819c54d83d72907c2c005fa9973c2124503c24c0040deda148980af9ba9de7d68ac57318537a15de08d37301db0f40a3545d81560776295d8730ff9679d71d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e01e571e4754a48ca7271557f125aa18
SHA1 dad73516d3cd036e0d281f0c23341db5806839f0
SHA256 c38a8dcb7183fbc32ca94f83581d900e15d2a0a6239cd83d4a054164e472b8a6
SHA512 f6b93b3c01e6746286ccc9848e0aee6f4189e3d55790dd981c6bb4e86e5de85a3c8716c1c956720c8065685ea78b13511300e0a1eebfde475737db2445ee79d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 8df25a3b12d772d0438d2145ae3216f2
SHA1 02ab286bbf3bf1e98834b67743886eda584b0d25
SHA256 06d67b93a3c1d43e1ddb324b647883764b43033184e7e53089f55a16c5993735
SHA512 6aee3b19719bc3540ac887e6ef6ce74344e1cfcc9ce243f657aa9c7764a35b8658609c527c6ff865ed8fe530369896fd35a8e2fcf70cc2fd526d3e503824ba13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3629e68391bd5532cc52cd1a79c2a38e
SHA1 da4801bdfaaa099689dd07782d07e604a746fc7b
SHA256 7efa2038f460b96463dbcd80ad9965bd1791f76b86d5ca0fecbf7156a579cd6e
SHA512 de63b0c89ec95ac5bb1dc8cca83a2383b89959748840c90b5de70667a6074d949fca4033e9932d91118022009b155ee370fd97115067a7aa2a9456b298057c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8616b1690d164524d59bf41855a4917e
SHA1 cbfb5e01ca280a3b207afbe19f31bcde2c3fc8aa
SHA256 91452d16cda79d179234c0e49e404cf08c0498545306a2003022420be1342c92
SHA512 910661ac6619be23c916aa6e68824c3e2fb11c7f6e1a5c64cefa7160e4f2f75d3ce649e222794ba34d3cc108656c01b003cf573a83d68d9925e78f333860a591

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 04e7451c8325cf88b874a4bf7b11903e
SHA1 f00b902a20a3e3ca772603399c26cdd420fb8564
SHA256 2f68b16493efdff37a5655cc80d5fcbd101f5f7441da9596dcd9a4744a5ab060
SHA512 a402cf78d0e4620fc53e58ae41e90ad4ab874c03d57e5ecf73dfaef923ad59f1d320d9e9998f2614071c8522272e5fb8cc8d8886942cd782d2845e6a875e39db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ae3f32ea3b8b0fd1252b62014a8447d
SHA1 ef5d110743bfb8eab983178a31102a52fdaea8e7
SHA256 4022fd4f507f9f05786e63989798732961a1fb5c079a5ffd51f9b9bb90c0dc33
SHA512 99523f595f5c292d6154f529a9ff6547264bd1f284130e47c293b46e54686957a2c70228b429c37a54bd2c598b0a778f7dd6bf2de60d75e48f45029cd6293166

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 678889a7b0108a0d895879edae37bbac
SHA1 38cd60ef81a1e4e319f633418fa0ddb8258bc773
SHA256 879755a82d150e421aefb6629e94e9b335285490403167b16ca4fe005f9df60b
SHA512 a8f42f689e90e6e45da4807fd67077c47cd7feece79c74a19b98b65d4e615dee6a3358a4d384309316cc2aeae79a26c95eb7b68ef2ed02c49eb3f8122c2a6f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee748327-a8ed-4630-9028-25b66f2135f0.tmp

MD5 09c5c8f564c5d610af19319c3b8e80db
SHA1 333efd754743aacf5d308d99e91e543cfa6d3bce
SHA256 10dafb86d872e3849e594c7310eb18a52e7c7091bdfb4358066bbd3de5f13340
SHA512 b2c055f683b34cbf35639f36265bb7d60eabc13ec52f8343e02853e0372176e2f501ceafd99652ae730decb9ad559f43cda3e075c7b87d22bc404d8d2b555b03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 714c7aa5ee8c3583384e6d93a781a7a1
SHA1 9e39e68d3d4a9f13ee3cf23120d224e3180e0ffe
SHA256 87da6adf1be12a6fce6644006a61e65c36a68877062791104de1747dc440ad74
SHA512 7ab5c6df999ee8f730f99903b10ed043e188f4288ae0eb1cada974402a8618294eb847e692908c60ac30cf4e2ac465642c710d4b16f185359fe46ded2d195889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 384387f54d6021df481a92fb19d2b52a
SHA1 a5e7cbbe73ac6d34e3a992aaa4816c99216c7d28
SHA256 c5174f0b6c5c0f1daf7544537daf24438f4f95ad23e2583ef8fc17390137c824
SHA512 99dfb4c80ed1c083056aa8ffa9f475bcb061e044a7bac96ccb778b7b65e996955b838b317f0163f9147eeb903c1c8669a56346024dbc5f26ee86b37b9415aace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585dcb.TMP

MD5 ec3abbd40ad4b9cc5c2a8d7b88a9dd05
SHA1 7494a0c1b58abc0ae7da222ecae99556edfdefee
SHA256 8f5ca712694815640633ff830fa77d435adc6a0afa672f20dcf968eb3750bc5d
SHA512 9b5c79ac32d923eea5e24e0c7ab68350a689ca10c99604d365618086add040632a7a7824e13e8c6c28269b486b9f59d49ccae8d4cd2aa6cca4069a76a6fe335e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ea05661dfff1e9e00d43ce1e91d91345
SHA1 23b41010753f6ad4e48da47342f1f82ea9aab0f7
SHA256 4c7052e4f6b2c8ea452a75703c5ed3caaf79a404eba47920938b92bd3b52cee9
SHA512 4ff0a4e67563ed2b67da3813c40c49ded1aa526f98ee6b2ce3b60984d24915d64ccc2c7dccfb38e5e22cd17af61cd2b4bc707672a1423d2b5d519da06851abc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a35ce8a0-26c2-4816-b7ec-9d85300b07f5\index-dir\the-real-index~RFe589a37.TMP

MD5 61bb98d8fde6b38aae9e67d746af098e
SHA1 347aaeab109a88f00735d1283b8fbf78e6a714c7
SHA256 2e2c3e53a3be7696f928b73cedb3001d9cc71687b9158a4b7262c98458ae9759
SHA512 0999e44051e39d04760d1ccdfb7d6368cece6f1319cee403e1e4d997d96a3e14199d4b0d0d7e07e556b21726d92a1579b70605372c6bfa66d9613e2f043ab6a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a35ce8a0-26c2-4816-b7ec-9d85300b07f5\index-dir\the-real-index

MD5 cea33d94d1a8afbd9f6bd3a16e745ce0
SHA1 d4caecbf773e90c0437a39114edc30a865b12e59
SHA256 50572e3cb4d90221263c71809c7cea00654d5b9177c76738197eff391bda0414
SHA512 b3882384b83e3ba67d5d02dcb702fafffd74a8a60fb63f0ca79f3772c890c479eada9d4c495f961a68f0d781108c6d8b35d809fe8e0e620dfbb25d1a2b76abad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 24e90a159edf4f8dd19ad9c38de725b2
SHA1 4176dce6b54961b96d6beb58d59b4ef175782525
SHA256 f3a6e1c5ccff771246a0372ed62e2e31746fe2af307571896483a0abce31913b
SHA512 aa04635f1e0e8034e5bc2972634ec6c265c7f494eefb6069e16e69aece5117d50e21aa2673b9633280c3a642fa4ef77f76a15930e6afed84b2b57223ce913771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b46d98d0813ab610ec59296dc170ef30
SHA1 65e72b23875b7c867bbcdee89f17faada4a39bfd
SHA256 dbc3968952dbb478ffb123c73ffcc1cd0cc363b8d0c64ef5762c5116d9f925ea
SHA512 644756a723114f15ea3b725e1db7d499ef6bc0589b161986c5a79131725a071ac4217d429f3d0dead2096d1e05cc6834034ec866c07f00b90b9b9d6f43bdce50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 56340fc5728bbd9e6abe384e0e78db11
SHA1 43e528c21a1f8a19e791dc23ac05cdecaf103cc8
SHA256 1c1323d0b90ff37caf3684429ad2dade77813a12c47311e93054a73a41d61197
SHA512 ba98b3ea16747353c25e5126c19cac0426684ae9b23aaf1f9b8f4d79c15a11663a8aca8d3a728fb4ff4d1f87a592795307ac14d9342de856a6af385906fe6eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d0db264b9b8591de0524762d86001e6
SHA1 24ba6e7cb0a591ca2d2c1a967d26fe9f1015f4ee
SHA256 05d5f27272fcdc875330a00d5f9e7586643248796c15f861af1a2bf402234949
SHA512 343e9ec527e1f28e74abc8523992460f9764c0763dabdc0d55a474534e4a22b628da70aab376a2d037bd802f2de289b00616a22d7bfdd8462339675a9164f8b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e9409de03f7c2bd7ecafbb60c3b14a56
SHA1 b89a5040e7f29b451be45167f340a0ccc7865861
SHA256 3de3c45530a27a071f891b21e742ffddc633e877184fe71c5aaa5046cc124903
SHA512 32cd1d643bf7b3a340900bbc77f8845278c187a415f916eff19186875e1bdec97b82a004f397cb4a8dd1a6c1f4ab9ebbd77ded510df59f145dabd9a9ad962951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4bfdbe6d3569e4958c76a21e0d1d8dc7
SHA1 2acee744f657366af68b280a5ec9f94c1fb644ed
SHA256 423cd08d5d20a46b0a2865f6bc17b8e6a33ead2da27c2d48e1c3fc35540178ad
SHA512 b11e99a9513176b976aeb6ed84048600d46f11ae3c8dee2640f753f9e522699b4d55435414b7dc1072b9c77c4d678f09083173642c69a74c089c07edcd591c39