Malware Analysis Report

2025-01-02 04:20

Sample ID 231214-gq24kabggr
Target 9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
SHA256 9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c

Threat Level: Known bad

The file 9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Detect Lumma Stealer payload V4

PrivateLoader

RisePro

Lumma Stealer

Executes dropped EXE

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Checks installed software on the system

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

AutoIT Executable

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Checks processor information in registry

outlook_office_path

Suspicious use of FindShellTrayWindow

outlook_win_path

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 06:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 06:01

Reported

2023-12-14 06:04

Platform

win10v2004-20231127-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
PID 1680 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
PID 1680 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
PID 1132 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
PID 1132 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
PID 1132 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
PID 536 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 3536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 3536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4112 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4112 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 4776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 4776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2808 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4328 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4328 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 536 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 976 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 976 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4368 wrote to memory of 5140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe

"C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x144,0x178,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6362227366478068568,15334680981983133440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4153342589918023589,4866051323694924216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9379338445225790113,10437878364024694844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9379338445225790113,10437878364024694844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6362227366478068568,15334680981983133440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,8694719340962926034,17037405141852835808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11771087593647230546,3502909986504361024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,8140019820115133812,18263034109618583040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10983160986691949567,11800035589686378568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,10818891019385382712,12260532236571248021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7204 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x150 0x244

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7648 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6176 -ip 6176

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1764

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8480 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7524 -ip 7524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 92.123.241.50:443 store.steampowered.com tcp
BE 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
IE 163.70.147.35:443 www.facebook.com tcp
US 34.225.16.118:443 www.epicgames.com tcp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
GB 104.103.202.103:443 steamcommunity.com tcp
IE 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypal.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 34.225.16.118:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
BE 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 118.16.225.34.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 rr1---sn-5hnekn7s.googlevideo.com udp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 38.100.125.74.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
NL 74.125.100.38:443 rr1---sn-5hnekn7s.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 3.232.181.43:443 tracking.epicgames.com tcp
US 104.244.42.2:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 104.18.37.14:443 api.x.com tcp
GB 199.232.56.158:443 video.twimg.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.69:443 t.co tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 2.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 91.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 158.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 43.181.232.3.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 www.google.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 soupinterestoe.fun udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 172.67.143.130:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 130.143.67.172.in-addr.arpa udp
US 104.21.74.182:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 c.paypal.com udp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 182.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
GB 104.77.160.200:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
GB 172.217.16.227:443 www.recaptcha.net udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 104.244.42.2:443 api.twitter.com tcp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
GB 13.224.81.91:443 static-assets-prod.unrealengine.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.204.78:443 play.google.com tcp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
FR 216.58.204.78:443 play.google.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe

MD5 db42e9be8daa4c8715bd8ea035035c57
SHA1 452cd8c71abe0ed7fef1178107a77228e6879ac7
SHA256 13c37e63fe208652832ce30bb0259c2b6e596141ab789d8928850a9c2523f698
SHA512 5bab982b340004beac6f21cf6b8357bd1ecd45fc21d9159f449f3a8b804181d0943a8697ff37df1600a18eb31ea6841720e5148514a3123903058c179cd72ef4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe

MD5 44e97035738e990d56a26e86e163771a
SHA1 9e8f3456a3cb16e4ae1789eec18ad7c590b35bfe
SHA256 0d77fcf37de4c8fad295974539e7338f1a7ad068950ebf3bb6357893bd99f692
SHA512 246ed78653382943eb32d7bab980afe9c1f801a8d720fcfa7c8e8ea8097881df9ad9352e0c38ca24c4db63d6120d9899c37493b0318386a09635c106d20a459f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fcd8bb32c04fa99657007efde87bbbc2
SHA1 ce575cef42840e731c9834e27efa02efa0c57a6b
SHA256 2e3fecfa2023e8f7b14c40277a60b0c781659ae240a32ae2521f7fa0f000744f
SHA512 b87bece2e0850f523206684c555cf80b348f794d51e8e0f7cf9c0ef054fc103885145acde9698dc363e8162aeaa4495a180825836e3fb92d4a3220f3359f57c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e5c27b4a4d5a3c9c60ba18cb867266e3
SHA1 dea55f1d4cdc831f943f4e56f4f8e9a926777600
SHA256 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9
SHA512 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b

\??\pipe\LOCAL\crashpad_4368_YHVVFBIVJTHWAHWZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e298147c4595abd1aa9149dda324ba7d
SHA1 e7bd5008bc77150da8d93eb0da2646ec3775ec9d
SHA256 bd9979a01b2c14a60489cf84058f538c9960800d83217f3fec957299796319ef
SHA512 a63ffa3427f47412eddd547e0e1aec9e8533f1dd912d7f042a836cd623a055f72f8b078f30d4322d98b1108465f056bc17eb2b4028f7155146fc5c50ebcd4a93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9b1c0769-244d-4a56-a1fb-0317d5e01aac.tmp

MD5 c45136899c9375b506dabbb81822f4fe
SHA1 f58cae5170f02af50be7874f2fcb12d827430c86
SHA256 9c9a537d400973f9f0ec1f91b4c6aab9275556c3ce2ed6b6ea9828ef3f518e51
SHA512 4b93b9726ffc559a7b0b13e87aa19b30e5695a6886108f0fd079e59163a41735d0a39b3aa817abcff89cb4c4bc158b44890b19443e3f59546c69f011d83b9519

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d3fc56cf8765874cde382f5de35c9e2
SHA1 950acf9d6ea17eeb03535580a42fecacc7f9baf2
SHA256 40d95fbbb99bb3970978e0eff70243ceaa12170bb18d11749942c4e1be8a097b
SHA512 725480321c74cd6b03a6bf4c7bf6834ed8927579966a8ce14660fcc213dc0396aa20af242abbb05ffce0144d3e5cbec11d127ce8a666e4c45e5f164d45d819b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3dabaa41445bcbb6e8add6858db6eaff
SHA1 e29c3d2985ee197a05a12906e5ad845edb67c0f2
SHA256 a42f22c8a296fcd3b3968c3f4bdc17e655b6dd04fe34a69cb168ebb0ef8b5117
SHA512 d8a3b0230cf6704e1aad61c8512092f15a14482942a3c6506fe6d2b205745be3739adc4496be5b3dd8b12baf0f44a3f7ca7246dcef2b49a369ff286015ef3816

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe

MD5 ef5c1ec128ac1822358d9281dcf3b710
SHA1 e0c8a7594d258b02e691f0bf85a289490ee4c110
SHA256 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9
SHA512 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e97512ba7e8ce74e146d12ef431a7a6
SHA1 4dab6b00d214db4e746fc1f0936c9cb7de89767e
SHA256 e575f3dcbe55aab29af1de4c6afe36567a36a6031872f11237bb65a9b2bc96cd
SHA512 58936ca210a2f0ec7ad1cc88d9eb3f8419a7c966d63ef49992d8722827907ee35ce501f2411255ffe00f0e69852f3fe4d25eb5b31011d1a826af1b2bbd7251c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 869304f9d02d66d6ba92d39c6352f4a5
SHA1 824ebeb706857f007941b66a958573b34ff3d537
SHA256 bde71a0d3b69d2040190fe681162bace8fd03add81d183c54ad5cc809d4b5738
SHA512 09c33f40918bdbc5123fe35e9cd01e5fe300a641879008785b9d1eb181032c285251fbdecff876e0406fa1baf49acdeb0b63e76439cbb7015fe10b0fcaf6ca56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c63f9f67ba9bc4778927c7f2273d957d
SHA1 c30e426f706244e037190b141133b4083584a2d5
SHA256 529377b6223f8741d41c0133741c74934bce9f7175a424e4aeffb38a445c1d89
SHA512 e9a3e27d313129dc8afb022ef31d2fff7ed30902a7213119e060af4bc632dcdb25282b2d33f9d4f1bd43626b9ac4395eee7dbd92fbf5fb8f49f963a42fa9262a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 61cd5b305856969c890920281309b74f
SHA1 21edaf6fc6fb087e13044004d5c05076077bc03f
SHA256 953dbd6257b363f4ce789ae72dfe4d3418663e2dae417d0369bd5f88f5bd3085
SHA512 b7e9c941c9e31920ae26e11adbdac6e032eee84b847a62d0d1d18cfd69ff29568e3c34be9715148645cee92a0bb126b7509ed9eeda29f15801df49efd191da30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35e94d06323c1d1599cfdac5a225c2f2
SHA1 f5732c4c60a0e62ae778bc98269f373b8ab20bc2
SHA256 8dc48be7d0d28e2b9b75adc0e800d9304f181e04ad942193439af1f69339c0bb
SHA512 7d3fdfa552a6b9230fb2fc4afaeb3b67942fa58d5124a08a3dceb05541cafdc3217236ab7877abca1db8bc708396ff63ddc0dacb3697840515d0eda5913dc91b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8ef171b21e3050fafe9d9992a7d5e1b9
SHA1 ee51c7b92feea25f953c14fe8a59499eb89e1174
SHA256 0690bbec232581d829acaa339e3b7303e8cc0cfd78682103d7187c4d1d14d256
SHA512 44fc04b9c5a7ce506670401512b5b1f8a2e64db3324b40ba0b8d9e5230af174cca9f1580dd0820ceca4ed49f05f286dbef742f3e708f79a2d8269db013404553

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 06f4d214bf78af9773d4e3c1495758ab
SHA1 1482f338a3586df8cf7f1bf51ac3587f877607d0
SHA256 6f3ee9ff582e77d901bd934b65c89801896e794001f5c88adfbb49afb1e03611
SHA512 03a51f5829a41fe272b88c87377e6d9bbff2437cf5a4b55dd03951fd56491cb2636e81a60db12f3fca51390aa53a2f82e2149de626f8af935454e2819fa48f1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7a769ad25f28b2d84da316f5e47b7a5e
SHA1 db5c891210cb9228e1ef58f3d1adb3e481694ae4
SHA256 ea7e825ee006e21b0348dd5f7211ff8d8ae17f0d44f70369ef4e8193c7814e0d
SHA512 60715466cf5863d652e613d6910ef3a8e2e7c21673266c01853b5d472fa9dc9cdb990357cdb4fc2f4c38a5b1c3c60423954d7b9b65eabfeee1b285f506a9aadd

C:\Users\Admin\AppData\Local\Temp\posterBoxHxWbvBAiIg94Y\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxHxWbvBAiIg94Y\QdX9ITDLyCRBWeb Data

MD5 21363921c6943b0ba12e8c3cbd47a7fd
SHA1 03bb94c70b12783c4d1962cc7cb9f752ff8a9a54
SHA256 2f023e72c5bc9804a60441c14980fa8de30d3118e3d7ce67d8951989b1d90c4a
SHA512 3749d95295a281e18f7eca6bdecc45d0d08bc98a4da5d5b8ab21cd5022eed125b1b7a4b96c70ed486750be4eabd4da325ab9a7a1fb497dda4c4f30f9adf8da43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\grandUIAHxWbvBAiIg94Y\information.txt

MD5 b45de444b95a6b54be621ed0c2a3b27f
SHA1 aa5fdac929f254c2915a11d801a7e9d14ab6f4ac
SHA256 19c78efdb995322603ba4937efef7588f454c084eb4de667941cf5b4774d1483
SHA512 e77283233210687dc1c1712c6c3c2b0a2b3df394b4d150da92da5d8fcc554ede224326e9ed24c06b8462ad9b18141a13b326be3a391121e298ece66471ddbd7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97adc9204339b612196a7a2aa896561d
SHA1 939a3bc7d01776703e978d0a090433a0ff341680
SHA256 9c09b0c468f7c21666c3d6a3c81cc299c2b96954ac3281eb1dcb3732a05c7b2c
SHA512 d6e76c32e39b3a9b2da7d75e7628ac3451aec34c68c3a7bcb27552fd2fb3aeb4db4cb09570778402e6bb5069f954cc16150cdc694a786e75f89ad56dc4ea6ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5ef7c3f8d5b8a3e180f87a62d62b521
SHA1 226e3febbe634c3c5fb74708a4d1a34b4db88913
SHA256 57c49f3daa2cd58e13847e7449c71acba40a67c0472b78610fe8c17937b2b3a3
SHA512 22fe4cdb0f3a01af96f91101d332ba86d127af1703695765fe23fc444816e66954ef789720b681f176a908b91459fb66564828688ee4079137c83b8a2cb39bda

memory/7524-681-0x0000000000B70000-0x0000000000C70000-memory.dmp

memory/7524-682-0x00000000024C0000-0x000000000253C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e30738d93d6789672ce8e1c4bfe275a8
SHA1 ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc
SHA256 7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832
SHA512 e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65

memory/7524-695-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/7524-743-0x0000000000400000-0x0000000000892000-memory.dmp

memory/7524-744-0x00000000024C0000-0x000000000253C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 909324d9c20060e3e73a7b5ff1f19dd8
SHA1 feea7790740db1e87419c8f5920859ea0234b76b
SHA256 dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278
SHA512 b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 d55250dc737ef207ba326220fff903d1
SHA1 cbdc4af13a2ca8219d5c0b13d2c091a4234347c6
SHA256 d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd
SHA512 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c2f2bbfe77b3bbae3541c756b00608d
SHA1 5de5aa8c277a62216a5047eb0537c6a2adeda322
SHA256 8262bb09a1b0480d952afa6e00c21fac1d47e0cc0fdd55ac009fd010182aafbd
SHA512 014a77b711ac390a7e418934d2e39f9eb8187a09d41071ca0651153da4f36c8283652277daf54926ca1d957c150be1111c61fbfbf73874bd635042171f4b1d6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69970320c9daeb640da9b7895b5bb9ea
SHA1 6f5a2cc3f42a4ae98a57d5dc0b6614aa10bd3a32
SHA256 92c985b62106ce9f6bc9569c65aa95ce2c4400bd757f7a7dd57947b1e966a710
SHA512 842ab1cc95ec7186240d1fb0ac9cc8019a19c66f40025a8d39fd42c31ee81770fc4b63bcd4a6617302065a61e82227b86bc679446f92be7e725c7a673937cf21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5850ab.TMP

MD5 852527856824e9ae7a977053832422ef
SHA1 5bcb857cccdc6b7b53b5ae5aa3f56ef1d214c5a2
SHA256 e7a60b18151fb31e30300f8f05e7fc177e8bdf1e18d8f0dcd5aac69c6ac51987
SHA512 a47582db143951dc6ee86be1b90cf02a7cd7692e5ea45bfb9ddcbb5ce347a76b98627bf4eae343ea8c96f09859543b746bf2f58bbfd397e49b970738ef7506b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8924c1b-be94-4d86-880a-5c1012bdd04b\index-dir\the-real-index

MD5 2a5766f763e8e9596d4ea2de6ad98a83
SHA1 29b29dde29a130021b5181a103ce088dc8c454c3
SHA256 b21a63c486009d34b06625d8a009dca8c05e5d7a41ced1a2fd97e754d78eb836
SHA512 4bf5e2d9d46f42c6ba9aae12ef5023fd78044d27c608a211841cee1f80ecd7f8cef6b61e0a1220bf319e6a1991b73e02d6eafbf33071444b08dccda77f084ea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8924c1b-be94-4d86-880a-5c1012bdd04b\index-dir\the-real-index~RFe586963.TMP

MD5 6efe0b38d2eefffedfd22343c83d9c1c
SHA1 55c97dc42e90d334fdcd6e49eb0cd1a2fdde617e
SHA256 f2a289d951a5dc4c31c6e9210b3fff1fdb739c0f2fff249f709e644a786217b2
SHA512 23218692b36ca0016fa882aef3b1338538e361c03b42516da42e78b2a81e4765aa6b96c5434cd1d51a2f7a8d99a21797767e4349cffd79cb5f59318e8028e72d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fcba32b5a44b8fd90f3281806e58bc99
SHA1 555fb0237f76038f1f00a48383e901fa528b8c37
SHA256 abb19866e8d52b734be7a70fcda0aefe47f94c0850b08eb5353caa5617643a62
SHA512 7cbe2bb65764b4637cb44d6374c8a32c1d009ab226a823c75f1eb7a2eae7a927d3fcfddfefaca7f8348c4e83f764bb5fac541f16db0a6aa7082a510029e42e28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 3203d9b8700fc2f515aa84a6c6d6992f
SHA1 f2dea2c26b06142b284fa5e6c71c18c41ad1a9da
SHA256 9c98ccdecf49807df658a88e7624e55847e9a21c26fe87726bbfbcf332d649a6
SHA512 bbc1130925a55961f8feb8cc54887f107fe23678af9d7b67bda1cf914b8efb08ad9e04d48fe0f1dc808652c026730a3b3ae45e097a8dc73c0a9b90a457a90176

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 413ef461bdb2461a1c4c9ef12a7489e2
SHA1 b47c92ef311a92580318854ac22f7c7197d9ae4b
SHA256 5dfc8e37fff7ba46be690cbd22f072814694d272a79b0c7451f4436f38873a14
SHA512 63a860f165f07d70428f6d774a2490246e2c5612a7bedd9c98ea9d2aa06b658f6a920cdb36eb5cd48c05b930328827fb427e595d4a04cccd6ef1051729e51245

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec7c6ad49698617ef746e161b8777cca
SHA1 39aca18d24682fe06d360ad147f20510160adb51
SHA256 410b56e8b1aaf2f96f19b739b7da05e77a1852665fe4584af906b679aa1c6843
SHA512 39729f329c316cd09e524ac6a8e25d2bfc28aef9be3c85cabb7292359c146e2399e26c10f9db43c87562b98f3434951be1ebc07b7088f891bacd0a0f9b695c15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c5ad30a82dbd577d1f41e4b0af1d296
SHA1 b82b38f18d90c6bc23c44d72bf8b6cc4d126d34e
SHA256 334ecd66da18433f5bb83e0bbc591d238a01bfb742fb449a733dbb29481a2089
SHA512 541ef173f4ac280d046012da4f77e43a84ffb5ed96d94a3085ee3c23057aed51476f205c686f4202259e7bb01b23e2391dbb2e245d28a22baee47240aab7bd1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a4c7.TMP

MD5 4c92fcf8b3fc248c91b06aa5f33301dc
SHA1 d4429b9915ae5d4a1b631bde296153fd5cd0eb0f
SHA256 d8c6573beb856b5c391c81f497573fdbbbe66892a3de201617a6206f5c08dc04
SHA512 c423cfb34c9ff2ef43655353fd476e9ce2098278c576b20bc7c4f4b35e8c0a5d63cb59e27d36c27d15e1bfeb03728473ad21c892e12ba42792c953c3e0852727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 72c606714f61fbac5e14af7200966e33
SHA1 d14a68fe13b4d76a2114d023cca5396d99025416
SHA256 25c3577229e2b88f749a7f4c62bc2a969d28d5d65a11acb9471466f4fbb91143
SHA512 ec25d71fbb14ab7447c719c4ffb24b9c8e252234d91870f3e6e0f6117b5ec362661933495ba84139a882d478e9eb9d340330c2d2e898ca183dc44d788ebe865b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d09a955173de149214de8245d0b645a
SHA1 603aafb7c104b7e77d792e4ec1f090b734465f59
SHA256 f18f9363dca81c57ec6500f56341b8a24f02b71843418ab4498674d8874b9bd8
SHA512 a5903e609c09dc77ca64282f0ee0e740c541d04b0508b59fab4a7655f6636be00772043cf520935805755fadabb3f17a9d412216c0658dca0aaaf0d353e81a2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 db2d3cde32081633b8c0a0e318b40b3e
SHA1 80dfa954b06cd4c3306419b43d529d73324d2f66
SHA256 e465a7dcbf36fbaa826b2e0be6df45f677b421266d40c11d32cca2fa98627053
SHA512 75639882056679548ef565ace8568d206be3d07ea1e1a891dc94b8e5347ff4120d264373bfb192b66bce4f021170faafc4e3073a68c37b483d8ca59f95837e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8469e228b624b6972927dff57002354
SHA1 5d8627e433270d149bce12e0a31929ecc66d6d86
SHA256 35c338a78ffef65b6866db5581634da5d5072d03abc8fd075c9bd0c0a68dac33
SHA512 12aef9d3d05761761aa098ccc2001f1eb04db2d5885048aa615fd71ab980c842ff5e1d49995995ef5bc376dfdb98a0f9829d854c673db6fc41f441b326e9dede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7dd7754d-064f-41aa-bace-3211626e7cb0\index-dir\the-real-index~RFe5906fb.TMP

MD5 8bd883f5817d0e408a7267ddb968fa4f
SHA1 8fa720449f04c5009e30ac9aa6f540aa725947d7
SHA256 9e00427d2b476c2f23a6480f9cd9b73947d03d91fc8467182811f544a6644198
SHA512 58535fe1310e5a1ef28b913390b31ff03cc55e1d68978dcb615b6cac1c9886d2f0626f3edbcc4630d673204d2802bc6a3ea6ca4cf9d71c227b113c55a14f8ae6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7dd7754d-064f-41aa-bace-3211626e7cb0\index-dir\the-real-index

MD5 62922966c97271ac916a55169c763062
SHA1 b29efca5d7a69dbd8f46d71277f0f9657bfc089d
SHA256 26368430c8bceed28bb447bc9fe7ec0ce7f7752419ea3bb3009b34e8feb0d2d5
SHA512 688b5a8740d1d76c8adce0ca80a2d21cd90923673c7d8b4a85316ecf88b21114c26226f16898b34b93783475d8f447cc7858e12ab04ec092dd01aeea1053ac6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e886eb25b42b664a6768f2558fd927b8
SHA1 9cc7ecab5f76a613d9709fe7c8a397223bdaabfe
SHA256 1c0b7a3929a467e1a305ab54d15309799fd935c60bab7ef5b106f1d1fb51bf37
SHA512 dcf71e1d5f5326bf97f87c25cf02cded3da7256566f5fe31e8c351ab637f3925c5df6d50a83e7b08444f664968bdd81a01d5dd104c75bc669ebc8c321f0253d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f76773c608048d4f226ca5ae3fdedf4b
SHA1 1c074398b9dc3773caf9aebfc2f6aaf7dc1d6961
SHA256 3d568015fa6139b5c6d96821a108f3a9afce8acdec966eda6218ac2e5a59dd53
SHA512 996d03c3e98d25bd1d9287b4c549eb6168c5fac6371f735a450e838cf111b2333a6339d885c9d2df8974850f306fdd779d30c6a4dde8cbf76c646df9aea6ca9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8394882676f647d975fbcb0ddd800574
SHA1 8cc12eb1c47519bd1beb67b88b954c20296f94cd
SHA256 82c10094bb0b97f1e0ead975643223fa027f19947bbaa6ec011c04a27e5d1185
SHA512 30e5234ecaa038772a89c2f7ac99bd3897dab51737cb5a5118cec89dd6dea43fc58a289061316d594f3452ef60cba325fe03d0a459b38e2e03a6978f9056ecf5