Analysis Overview
SHA256
6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212
Threat Level: Known bad
The file 6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212 was found to be: Known bad.
Malicious Activity Summary
Detect Lumma Stealer payload V4
Lumma Stealer
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Detected potential entity reuse from brand paypal.
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 05:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 05:53
Reported
2023-12-14 05:56
Platform
win10v2004-20231127-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vU2SM89.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oG82QE5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Jy1037.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7HI4oW61.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vU2SM89.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Jy1037.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7HI4oW61.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212.exe
"C:\Users\Admin\AppData\Local\Temp\6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vU2SM89.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vU2SM89.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oG82QE5.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oG82QE5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9745973612766131961,5156087649924302895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,910332992740481839,10612467883795650574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9896940392021868574,2572692920367762329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3162644097643764883,8828356640132327606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9896940392021868574,2572692920367762329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffafdce46f8,0x7ffafdce4708,0x7ffafdce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9745973612766131961,5156087649924302895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4484291338949074821,17150177675008435240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4484291338949074821,17150177675008435240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,910332992740481839,10612467883795650574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3162644097643764883,8828356640132327606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8418746231932654109,11629057646506337066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8418746231932654109,11629057646506337066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13599673204345761731,4094119005373854303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13599673204345761731,4094119005373854303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13051682471151541699,4604216160246399651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13051682471151541699,4604216160246399651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7088 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x4f8
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Jy1037.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Jy1037.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6088 -ip 6088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 608
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7HI4oW61.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7HI4oW61.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5604 -ip 5604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,8831171959309901394,7035012897117589911,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
Network
Files
| SHA256 | bad8f9c841161038163475b119fc406d6cedf54a98bd1d981d6c0834df1cdddd |
| SHA512 | ca00d3bfff3a0aa47734433aaeb7168d2e4409bd25a0bad2d9f4307130feb6bc5d915e2a466ab538a676cf7d50712fd6ba35ad902106a2af54c9e1543ea8d7b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aa9bd6978574ded01b5f258b58a09ce6 |
| SHA1 | d84062c4aa188356a106a63a61d03da39777d353 |
| SHA256 | 67167453bd31b73622431ea9db077df36f590e18efe740d89cadd3d1fc6bf5a1 |
| SHA512 | d69d422ffacda99f5a3e7a8a3c05e270907702c11fa4c2e26b0d2a3421f11a5321269091b2e17f638f2787d1bfbb6d1b53e704c1afb13ac1cfd05f28827837aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\9709393a-66cf-4a8e-ba97-44e614fb4d28\index-dir\the-real-index
| MD5 | 69c6962fed907d4e5bddec9a5110a60d |
| SHA1 | 451642a035b721361030728b1af83b985d26ea59 |
| SHA256 | bcbdff8bfca4baa77529332c2fe4ec12738ce0f1fd6a83ccbd7f2c21af0a8eec |
| SHA512 | 26be1beea7056fcefa41e6e5401dedec8c8d88bb5e4f8d50255e31dc09be7a557828a2e6636464b602978d46ad575a511ebe6deea011f11946eea45653e0330a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\9709393a-66cf-4a8e-ba97-44e614fb4d28\index-dir\the-real-index~RFe5a106c.TMP
| MD5 | db06999a35c9043ae8487695e5dd7e0f |
| SHA1 | ff7cdb763cb8d47c58f733e670a2bcd13ef29833 |
| SHA256 | 49b2e89ad9f25af154fc08daa2b55f38725243c77ea96836af26852ce32c2d76 |
| SHA512 | 7bc6c731f768c8198b15fdc022cb20cbd291ea65a7a05f3d3f9fdc9482ffcd3149579156e07ece0948816a86a99628e7dfa4420d0e8225d778cff16b9dac7da8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | a35198cf89b27a1362999b5ef47f0ae0 |
| SHA1 | b581cc96a5cabc8f141959e6cf84651757ab6b64 |
| SHA256 | b84b6ca4ca4741294003457815c3bd8f2dec01af512ee42b58d9df4c45b3bb25 |
| SHA512 | e72b26e30cdda3a16774abee1d9ea621e2a1e69336de6946e4e27cc6eae56953c9ae49458cc2bb4200cb8869fe6859c4bc2e3484f7b17f037165c27c60e5b964 |