Malware Analysis Report

2025-01-02 04:05

Sample ID 231214-ey23esbdcp
Target eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709
SHA256 eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709

Threat Level: Known bad

The file eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709 was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Detect Lumma Stealer payload V4

Lumma Stealer

RisePro

PrivateLoader

Reads user/profile data of web browsers

Drops startup file

Reads user/profile data of local email clients

Executes dropped EXE

Looks up external IP address via web service

Adds Run key to start application

Checks installed software on the system

Accesses Microsoft Outlook profiles

AutoIT Executable

Detected potential entity reuse from brand paypal.

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

outlook_win_path

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

outlook_office_path

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 04:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 04:21

Reported

2023-12-14 04:24

Platform

win10v2004-20231127-en

Max time kernel

155s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4928 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe
PID 4928 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe
PID 4928 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe
PID 1896 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe
PID 1896 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe
PID 1896 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe
PID 2544 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 3328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 3328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 4452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 4452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4724 wrote to memory of 1404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4724 wrote to memory of 1404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4200 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe

"C:\Users\Admin\AppData\Local\Temp\eabedeeff3d8999a369b47ffc9bc9dc0baac49634ea2bc1cebfd9f58e97dd709.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7370894860974222014,377404851647125721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7370894860974222014,377404851647125721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6637033684308337872,5567301821556363976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8982310293596065400,393778920956077674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12411620145924580637,14546879201394700641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12411620145924580637,14546879201394700641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6637033684308337872,5567301821556363976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,9359555591881622417,4969577805348632896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4090520222345634477,8524356922435053453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff7b1446f8,0x7fff7b144708,0x7fff7b144718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7004 -ip 7004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 1668

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7gP7lV74.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7gP7lV74.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8020 -ip 8020

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,415228820472486698,16027031615329580738,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 3.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
BE 64.233.166.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.244.42.129:443 twitter.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.youtube.com udp
US 44.209.107.83:443 www.epicgames.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 83.107.209.44.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.10.230.54.in-addr.arpa udp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 172.64.150.242:443 api.x.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 pbs.twimg.com udp
US 3.232.181.43:443 tracking.epicgames.com tcp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.169.78:443 www.youtube.com udp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 i.ytimg.com udp
US 93.184.220.70:443 pbs.twimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 102.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.181.232.3.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 8.8.8.8:53 fbcdn.net udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 172.67.161.55:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 55.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
GB 172.217.16.227:443 www.recaptcha.net udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.204.78:443 play.google.com tcp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
GB 13.224.81.102:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 104.244.42.2:443 api.twitter.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-q4flrnes.googlevideo.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 8.8.8.8:53 169.191.194.173.in-addr.arpa udp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.169:443 rr4---sn-q4flrnes.googlevideo.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.204.78:443 play.google.com udp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Zy4Bg47.exe

MD5 cdcbfd0a5ad6e3bee4450f78c2f1bed1
SHA1 1616ee16c6c20a6e9d0360f5d14ecfb8a6635966
SHA256 3945b11afcdb3511e85b5d358acd9699df6820d1280722b4954723f9b36d1f1d
SHA512 1a1f5db1868ba827f4ea2a4ca2eea4c230a8b87a33bfb05bb87233715d68924c8d7d506b5649e506f2f1af7160ebbf8e1bc1affa6d3d828a079c434c0499e6c9

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oQ73IV2.exe

MD5 ca3709b28189b7db915f5d94a6e0b7fc
SHA1 f0bdacada3c16209912fb64de265da5393c9eac2
SHA256 197a0316ff47319b98f238643e4854024087aa0417c5810a0107c583ed1d8b75
SHA512 4c997cf4f50d93fc8a47af7d48bf511baac24ff1039c395f38c60fc921aeda0cdcb66753ab13c48c8e618cc1368038d655d533e1132657f5a52a5afdda38fd45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d94c59e136e2bc795637c1c05e315e35
SHA1 0ec32d5c51c34e9215b5390e7aa4add173310f01
SHA256 ad71bfe2069efebb4ca211ae6ec21473fc1b43dd3269b8523c5b67da6edcb41f
SHA512 57a5c50bd9e87b20200ecbd18ed2bd7712a46fcb9f5ce3d3aecdb768bcfa52d5025f9fd40523015414aeac3e8c94c9ab1caa6ae006dc4e9e7ab58c92607ffd6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 890585f0e978711e84e103f4e737e1b8
SHA1 12b9a7b4a1a016c8a0d4458f389135ed23574e27
SHA256 c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092
SHA512 246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

\??\pipe\LOCAL\crashpad_4200_MPKAAVHEELVVLTDL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7973c8b9305cc237d061527a86e5ac2
SHA1 e74a0a532846a9998b2d4f767dba8f122f2f87b3
SHA256 8fe750a3c659f3e1c137af107d683633d1f43b0d54d6035566a1dfed7d5f38e6
SHA512 efb172e4f53b763fe228c7fee7d506192057370905b808bc8092f51c7d8745115232661099dbf8b91349f5a09134669bfd06d296dd311a4d10b43544e77694b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 410083cd3860e3374971b428648279fa
SHA1 c4cb4b35d352b1b0ed20151ae882f4766b4d111c
SHA256 9fcbbd7db8e16f2ec8a0b226a5a038c284b5679e04e7512c68862eb183f9100d
SHA512 1a6efa40c5936e6f114a0df89ef6c09428099971068aae7f0fee2e5c8392ef75aba7ebd3572a901bd5e335625387875156bc6395a374202dfd98031df0d06e1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a83082868ebbea8b29698d11dd6eb009
SHA1 7bd34f3d6a7431bbd7cb97c85b04df6940be3066
SHA256 90bed0dcbea82b091d9aff3e7f5a34d6825b6648c41c27650591454b82b34750
SHA512 fc5e693c7b50a25d127637c430962db97bf887b6676797e2810c4fa97b8b6cdd7915a3d12b5ed4d8144894c97e3cd4e07aef19bf814b83a0c6d98f94c618b1d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83740b7065161c7f6c1b728d2c485389
SHA1 727d3f3e10e883bed69b79c7a90e86f2ca3f9514
SHA256 12e04a8f84917030e070be423cf0902b00ec1f4fd1feae9da555cebe2fda1f55
SHA512 bf78825823531d6ec1efa45e634a470761d213d9b98497051cadaa90fd89cf72026e6f3e8b92ca8d88d9ff31a0b6cac05dba4401d2fdf9713c46bff003ff619d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2315e21a58610f7f183f1d4246cca4d3
SHA1 5ef5db9617e97ed4fa787a37afa0ec9ab15ff922
SHA256 029e5796376fb12daeb37b2160654b6d6d04fcfa1261fc4ef5a6bc4cff4f8697
SHA512 d60ca2dc039bcc8aab85aea1cbbe14c627cfc78278fba7febb438cdd52fda222daab2dd3c9207def6ac63ddd6c882b2895298db414a5212bb7024aae1978e2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e39416dad6a221c963897006738945e3
SHA1 ebc217951dc2952fe72633b20fc710b69581b710
SHA256 943764473e540bc48c7778d20904dceda3f8acb2eb4443d94e0e268790fd83a9
SHA512 c8faa492c66f3e3815c3405f27b04102232547205020d5fd374ea35d1dff4654bd917a6b84d63e0ac00a366cf47d4cb0d7a10b86f550ffb2ceb1fe1e61773c0a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2fp5878.exe

MD5 ef5c1ec128ac1822358d9281dcf3b710
SHA1 e0c8a7594d258b02e691f0bf85a289490ee4c110
SHA256 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9
SHA512 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7896bfd59cf0d12f28f449033fc73a8a
SHA1 a1013fea1ed13d7ff34309129628d2b210cabe2d
SHA256 e7acd822596640a7c91dca1734f71095ebb56e2e848f7f36992d5ec2440ef3ad
SHA512 c74477ea99006945ed1e429f35cae7470d15cd0fc45206477c290de7782d53bebbd7153e2624648c910c4cfcfc77b6c42a6e2d4fee334222c2ca87ba522c8400

C:\Users\Admin\AppData\Local\Temp\posterBoxhKXSR4UMStJe6\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxhKXSR4UMStJe6\QdX9ITDLyCRBWeb Data

MD5 250f6cee6a8be4a85cd0d78b8f9ac854
SHA1 48a5be711abe88c0efb7204f6c792e67a99d390a
SHA256 21e090219937792f360789c94785cf969cf22fb9e2ae145dec419dc4beab1321
SHA512 4685c2cbc34566879e5c494f1433996ce9541e048a87036876d0ec426a02a13af6ed606575306522def4dd19a3fcc34b95335f492b21960b28e8f12be82a35b7

C:\Users\Admin\AppData\Local\Temp\grandUIAhKXSR4UMStJe6\information.txt

MD5 f03031dd27be90ed3866a80a210f5b8f
SHA1 aa47765f5364e07c110bf165caf494909b7a5c79
SHA256 f46a4248ed1b6fafc9f4f696ad1f98966f74433ee0101f7f3b7fc708eaa042c9
SHA512 df76175eff208c13394e546f452b8125396e11059f7cb269bffd10c3bcdf3494eea40186c238a00215c2f74b0b1713e54fcb40dcd5fc62f3c81c16f7c39242fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 475a35812b3b692e09de9c77555fa641
SHA1 3f7b04956784a1e246d6654f4ecad7f84e3a53c6
SHA256 8226ec290619576aec8fbc61ccab3db6c9bc011d1a820337f59981a267900fe8
SHA512 dc3724b4414411384cf5b33e135ca925721e4af149d55d2ef004171b77ebeb083f5abae8d2c993d6b6784ad4ed2321038c5ad74d09fe956675393daac57a31a0

memory/8020-498-0x00000000008D0000-0x00000000009D0000-memory.dmp

memory/8020-499-0x0000000002500000-0x000000000257C000-memory.dmp

memory/8020-509-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8600d0b7d18fbd26a1a4387d6b2de4fb
SHA1 70a0cab8ba64fc96ba60f01ba64144645bab5a43
SHA256 2a7c48b68d1c0ee3709532325b03714720a35e3c57a86bcc99fb8a2fbcb12aa2
SHA512 dcbeb8e380ca6109377be9e6d06577044cb568e26f20ab197122a2e7baf38389273bd93410964f2de62c06c38db717f97a8f91fb9a42ef62fed6c3b8641320b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 a553ed37741112dae933596a86226276
SHA1 74ab5b15036f657a40a159863fa901421e36d4fa
SHA256 ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87
SHA512 25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

memory/8020-571-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd41f6906f67a24e7e3f23830d03dd47
SHA1 93372d241f1e710a6347bc778c8d68c8a9ad69a5
SHA256 5776aa5a8b0b44b69f6d46bf4c77da1b94729fc17faca61386607b7774287630
SHA512 bdcbe6d16b325cd52a938dba4ead7da0ceb1b0ae5b40ca8f02bfffe5e90add050aef8fa4966de514a2b9c9951faa97c0cd7b080b1342f6ef030ab7fb6bc6790f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8985b3c9581c35503f9a1e172e26cc38
SHA1 754050d2d2005721b3e0f8f683bea4d175b9a765
SHA256 f6e247c5d61ace48002d87121d77d91787b987f221e311b2a1bb6ade3b91a7aa
SHA512 5fd614b76902468514439f1caa708f032ebd162bdb93f58c30a883f9e243e67adafb120860931d3d46cc052d2aa5519eb2f7ab7b9a0b9a754bc1856ebda39a28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809bf.TMP

MD5 b17ae9ff2aa647796d57c1316df2880f
SHA1 f420d26a7417900863c4b4a1682875a66e733aef
SHA256 5b29b140ec8f865cec6df855de316f97c7bc625182645ee8e4827866511abb9d
SHA512 8c9ae4c5a86d62093cd3e2e52676eb7f9228b70d94e6358cc2d88031a22cb61214fad97ed478f05bb854910281dd071d910f9377a754f2dfebb048dc6b81e508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 b1f23a56753136794ae51260996dbfa1
SHA1 a7ee796e1727db35d226e574b6212a2d1533e961
SHA256 70a28dd73968909964283c8b5ebdad985b6a8ffc631582e6227bd9b82c03a856
SHA512 9b39f3fb2b15bd808933c8791fda6bf5da4e888b6da1de83375262f66265ff05fcd30e7f9f818cfdd48ea19883b2f93ae6ab816181e5a02cae62b8752c9fadb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6385f5e405ae4f1b22feef640e5d64f7
SHA1 9efdf230b695b2bc45ce3a6c6f75b2612c54deab
SHA256 7f9121daa1d361e8fa93d9ac505902848641bf74dd2b23c40a7736f808b4bc3e
SHA512 2331e36f25a6089c1a3ac185bd1bad904e740ca13feb472b3ce81746083c9701d08c7c0815ee9360fbc4a19123f274f7678dcbca8aa0009889951329f6d3974e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 86eb8a6e29ee60a5d1e84003d74e044f
SHA1 dc76821942ad086a24d53176cb5bf1835d49b028
SHA256 ddd4f16afc717a03a2c5a7c574635e0927e7db157852f164d0085d0c5254a59e
SHA512 13b8587456209f6283bd558b10e4cf3eeabe97c6eba632110cf9a2dfacc80844b217df95a00809cf1d1ec61087f1d9fb55bfe9d2dad0b04b5454c4c5bd553db1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3d7e2f103ed944b738f4de73e3be13b8
SHA1 3b8896efc0ca5eba96e166f10e0cef4c130845f9
SHA256 22441da9d02d076d3aad51614209830e2fd4139967e2e8351c75b3c758c28c65
SHA512 a3c61de744b65a2fd635af71634b09c35fcf30f3ac44132570608c407e88b120290b4cde4172834cfaf51c3dc6600cf3ab53469bb95741e7783f739640820771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72bdb319be8348e64daaa594408cf07b
SHA1 16f7631a1c5810e082ade7e59bcee5bc6b5ce6b6
SHA256 d097cd7bda2b3160432ddc7e1bcaefe39e7e283191c626d5f99b7632303287c5
SHA512 fc75d0713e54d7bfd9ae152a6631fa2144522cda2af61e9581e06ae8073ef9824cdf095f056f7232281bfd36083479b7787c393191b9f59a4712303f9e89c3b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 968f53ed07c5fb96d05dff0bec0c83e3
SHA1 7a9003a469c1cae6bd87c26fa03dad180476eb6a
SHA256 793ccb3aecbe2df5d3b7cb2b745d3320078ed006350fd3df8a0b49bd48caa6ae
SHA512 033a49c6dbd5fbb9de2569e5e70e1141503dc296ce989811d4f8825cf249a529e518655adc536eaff19263c3f16f4ac1a83e7a290d361d29e03d5458037941ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 768cd2a72481e4f6f6b97aa94f5588d2
SHA1 f8a5d6999fa7d456a1c67fc31e0f674ffe24220c
SHA256 83f8b337512a9067df581bc3fdef0b7142d867fb77408198f7dc17188ff90b12
SHA512 f39f8ed1ac30a3af3d451584b5f6439901aeff86bad0fc318e91245401b3c72cae5aab9c2f1c2cc340463745dbaf4f9a93a48132aadc0a76debcb9367a7f7a4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9547c8eb98cf3c7ad7e248bb33296dd6
SHA1 0fd4bce67c3cd4c1b1052500aa21135bd0c7d839
SHA256 eb22a408065b61ab6d169f77cc5297a97f1a49e3322c80886fef289cdcda71d9
SHA512 4dcb68f8086f6985834bfd4c17dc0e98d64dc19cdabdb043cf01ac00a5e28ef7796b6e6fb83c34964b710f70ccdd9dec6c4401c0a97527b995c8e3b0097793ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b01fa74dff1c9622bf48c3ae1b421c26
SHA1 219435ecd4a97deb5321ba1aef654913d853b8b3
SHA256 92a72ed92b76a7537e67c8b433eb18825d1d189e18b709b30c9c3474a7b11c52
SHA512 f869f2b2b6478c8d0be8d80e411d3fb3552fefce349bf3d5b7c3bc12705867f951720137c82dfde6e787ce919548a87ed943d04de86f2fe36846cb6d7630f3c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5885c5.TMP

MD5 e7b860e6cfbfb18b59ca4e519dd95520
SHA1 843d19a845f19b076b01ab58228da79bce653158
SHA256 4a0da759178a49581afa34af35f08b874ffbc7d3a77353a60396e00bca79bf46
SHA512 8e418e5ea1bf85350fd381f537ba00fa0489d7e66c6636a8810e3fb29ed893fead2911e46f3e20c7bb3271db2ed20ae960345afb4a9aca38303bdf1b74029fd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cb6de534f1ac8ee51e5fb1a02c34c99
SHA1 c26af2daac0f2fc75200181de8b43b77536fc9b1
SHA256 8a8cd49e09967b8f518ff47eeaa52c015a161faf6e82b7469e4f9eae8122416f
SHA512 4f7f3f161fbc363df6f08007fc221dc0252fe2243016f3d799544d03ffb89c2311b8213743249a78a754b9b8a6b78b74ccb3c6e8f8c40880d563d8c9c9a2d436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d43c867d288c694cfad880c7d1ab5f4e
SHA1 17c480cc046058b6642c8689720b4cc6357720e7
SHA256 45745f062c4917139eb8342c8e9854279f3051a10e2f1e0f4e8e542f8161adca
SHA512 8575d8c53952c184f614e448d44fa26c4a5341a8881d6e54200d5c46ce2aa961611a2a65cfd4c6369b103f13ab5b9dd25c4eeb84b70afc948bd45b322ac21664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad9a70fbaba6c05c71733b4410023063
SHA1 3cc6ea21a490da274e7a8832e8d2533c1d68c59c
SHA256 c589c42205f7179961e4dc2d51ac91d5cdfac8a82dbcd872113329c07eeca35a
SHA512 311b7b9d58cdfef45c268aa508418922a51abe7288658c35c4ab2e7616ac76b8ae25fc1e40e33fcba4b02a6e7dba135a747588e4922f5a804a318ffa7d135521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c3be69a57ff8553b5daae63daf2c8c9
SHA1 2f68086882dce6686b308ec9e59ffb1a2ddb99cf
SHA256 124d964be0b7c41d8c31b2f35bb9384c6fb2d0b48013f29007cc680850354b70
SHA512 4c3392c818b1e6734121ccac90c9189b9b55a38a1c97d8da457bd203f76d4379cdec52f129265868db8edaa44e11f73d7c929ba24ae7c875ea9ed42ae1238c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1d79ac3c-151b-440b-9e4d-a151eda9b498\index-dir\the-real-index~RFe58df8d.TMP

MD5 cfcaae75099ba76c84f49290001096c1
SHA1 112616e9ea7b9a5f15e5ea0bfa56865b82cbc0d8
SHA256 c9b0b3d4de530d80cfe52b5e050f728f0fd722ea221c74fa96da4c32a43ffd66
SHA512 6f26951d2749547f37351a424bc5a720d2dc819aa1458c35c4bf6cf6c5348ce2dca7d076c10222660ff3f21f126185facf610200b1c6de07ade5e527aa015dcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1d79ac3c-151b-440b-9e4d-a151eda9b498\index-dir\the-real-index

MD5 972a49f9cca72689ca3e04e36bba046e
SHA1 94ad2f81dae27a764fc9f1a131240b3d7b06d720
SHA256 7f63962d0e5f2c42109505c782ee4f3edf2fc0af2db94d036308f7002db37a70
SHA512 3da62ea589697ca5e2b412b5a2a24bcb9c9bafa3720207060311682d5b6b79eac3f1de5af1dbb1f19beda86c4269300d3e703635a384d43690cdc698316b3ae6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 04e229ce03781f3b8f6fe6f07f409b0b
SHA1 44a7763cdfa18a4fcf6724b32636f5900b428edb
SHA256 e8dd7132e735d69aa37d9b730cc8f0011c6a60156b1c7c6d1f978a1b61ddd678
SHA512 8e356987bf52daf9db5c486c162defa7bc3c5cc99ffda7acda4b9fc718de3efa6eb893ac14836c0d039bf96ebb31033342e578db45fa2f8c89c6fc641130124f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb48926dca331a140484d86614438a81
SHA1 ad2741e0cd42f3fb7ad7a0247f47cfef1170ce87
SHA256 e35bdd4a996fb42aee9d81689bd1a58f1d33dea9d37b55847e6e2ef56e2addee
SHA512 b0c135899a849c19aa6b14dfa564a6dec449267730bed6f2c42140b3f17def64e8b209fcacbbfb007f55a120c4fa2df6e2698444ea31240fa0967da1368b810a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4f51e418124bdf4509ef75a4f296ca09
SHA1 51a694f329774399010b13b46fdc779bbb28dd38
SHA256 66a855ac6120c35de39f9e2e5e9eb2caf54224298f24e38e41912296f4e55c73
SHA512 b608a1b779b2989675e4e61b99ecf04ea7001812e36be78cf992342e4033c93b2f8f6ffc7254da7589aebe124b195264332c1550b086ae5560bd9e659a4c497d