Analysis Overview
SHA256
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
Threat Level: Known bad
The file 9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c was found to be: Known bad.
Malicious Activity Summary
Detect Lumma Stealer payload V4
PrivateLoader
RisePro
Lumma Stealer
Executes dropped EXE
Drops startup file
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Adds Run key to start application
Looks up external IP address via web service
Checks installed software on the system
Accesses Microsoft Outlook profiles
Drops file in System32 directory
Detected potential entity reuse from brand paypal.
AutoIT Executable
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Checks processor information in registry
outlook_office_path
Suspicious use of FindShellTrayWindow
outlook_win_path
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 06:01
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 06:01
Reported
2023-12-14 06:04
Platform
win10v2004-20231127-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RisePro
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe
"C:\Users\Admin\AppData\Local\Temp\9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x144,0x178,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6362227366478068568,15334680981983133440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffcf76a46f8,0x7ffcf76a4708,0x7ffcf76a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4153342589918023589,4866051323694924216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9379338445225790113,10437878364024694844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9379338445225790113,10437878364024694844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6362227366478068568,15334680981983133440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,8694719340962926034,17037405141852835808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11771087593647230546,3502909986504361024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,8140019820115133812,18263034109618583040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10983160986691949567,11800035589686378568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,10818891019385382712,12260532236571248021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7204 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x244
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7648 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6176 -ip 6176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1764
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ty5jH79.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8480 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7524 -ip 7524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,14490782088061445869,5967957011015351323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 34.225.16.118:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 34.225.16.118:443 | www.epicgames.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 118.16.225.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.10.230.54.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-5hnekn7s.googlevideo.com | udp |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.100.125.74.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| NL | 74.125.100.38:443 | rr1---sn-5hnekn7s.googlevideo.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 3.232.181.43:443 | tracking.epicgames.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| GB | 13.224.81.91:443 | static-assets-prod.unrealengine.com | tcp |
| GB | 13.224.81.91:443 | static-assets-prod.unrealengine.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 104.18.37.14:443 | api.x.com | tcp |
| GB | 199.232.56.158:443 | video.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.181.232.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 172.67.174.181:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 172.67.183.217:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 8.8.8.8:53 | 252.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 104.21.74.182:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 182.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| GB | 13.224.81.91:443 | static-assets-prod.unrealengine.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.204.78:443 | play.google.com | tcp |
| FR | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| FR | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\YF5bt14.exe
| MD5 | db42e9be8daa4c8715bd8ea035035c57 |
| SHA1 | 452cd8c71abe0ed7fef1178107a77228e6879ac7 |
| SHA256 | 13c37e63fe208652832ce30bb0259c2b6e596141ab789d8928850a9c2523f698 |
| SHA512 | 5bab982b340004beac6f21cf6b8357bd1ecd45fc21d9159f449f3a8b804181d0943a8697ff37df1600a18eb31ea6841720e5148514a3123903058c179cd72ef4 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1vT52Lm6.exe
| MD5 | 44e97035738e990d56a26e86e163771a |
| SHA1 | 9e8f3456a3cb16e4ae1789eec18ad7c590b35bfe |
| SHA256 | 0d77fcf37de4c8fad295974539e7338f1a7ad068950ebf3bb6357893bd99f692 |
| SHA512 | 246ed78653382943eb32d7bab980afe9c1f801a8d720fcfa7c8e8ea8097881df9ad9352e0c38ca24c4db63d6120d9899c37493b0318386a09635c106d20a459f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fcd8bb32c04fa99657007efde87bbbc2 |
| SHA1 | ce575cef42840e731c9834e27efa02efa0c57a6b |
| SHA256 | 2e3fecfa2023e8f7b14c40277a60b0c781659ae240a32ae2521f7fa0f000744f |
| SHA512 | b87bece2e0850f523206684c555cf80b348f794d51e8e0f7cf9c0ef054fc103885145acde9698dc363e8162aeaa4495a180825836e3fb92d4a3220f3359f57c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e5c27b4a4d5a3c9c60ba18cb867266e3 |
| SHA1 | dea55f1d4cdc831f943f4e56f4f8e9a926777600 |
| SHA256 | 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9 |
| SHA512 | 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b |
\??\pipe\LOCAL\crashpad_4368_YHVVFBIVJTHWAHWZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e298147c4595abd1aa9149dda324ba7d |
| SHA1 | e7bd5008bc77150da8d93eb0da2646ec3775ec9d |
| SHA256 | bd9979a01b2c14a60489cf84058f538c9960800d83217f3fec957299796319ef |
| SHA512 | a63ffa3427f47412eddd547e0e1aec9e8533f1dd912d7f042a836cd623a055f72f8b078f30d4322d98b1108465f056bc17eb2b4028f7155146fc5c50ebcd4a93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9b1c0769-244d-4a56-a1fb-0317d5e01aac.tmp
| MD5 | c45136899c9375b506dabbb81822f4fe |
| SHA1 | f58cae5170f02af50be7874f2fcb12d827430c86 |
| SHA256 | 9c9a537d400973f9f0ec1f91b4c6aab9275556c3ce2ed6b6ea9828ef3f518e51 |
| SHA512 | 4b93b9726ffc559a7b0b13e87aa19b30e5695a6886108f0fd079e59163a41735d0a39b3aa817abcff89cb4c4bc158b44890b19443e3f59546c69f011d83b9519 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d3fc56cf8765874cde382f5de35c9e2 |
| SHA1 | 950acf9d6ea17eeb03535580a42fecacc7f9baf2 |
| SHA256 | 40d95fbbb99bb3970978e0eff70243ceaa12170bb18d11749942c4e1be8a097b |
| SHA512 | 725480321c74cd6b03a6bf4c7bf6834ed8927579966a8ce14660fcc213dc0396aa20af242abbb05ffce0144d3e5cbec11d127ce8a666e4c45e5f164d45d819b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3dabaa41445bcbb6e8add6858db6eaff |
| SHA1 | e29c3d2985ee197a05a12906e5ad845edb67c0f2 |
| SHA256 | a42f22c8a296fcd3b3968c3f4bdc17e655b6dd04fe34a69cb168ebb0ef8b5117 |
| SHA512 | d8a3b0230cf6704e1aad61c8512092f15a14482942a3c6506fe6d2b205745be3739adc4496be5b3dd8b12baf0f44a3f7ca7246dcef2b49a369ff286015ef3816 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ki3559.exe
| MD5 | ef5c1ec128ac1822358d9281dcf3b710 |
| SHA1 | e0c8a7594d258b02e691f0bf85a289490ee4c110 |
| SHA256 | 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9 |
| SHA512 | 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e97512ba7e8ce74e146d12ef431a7a6 |
| SHA1 | 4dab6b00d214db4e746fc1f0936c9cb7de89767e |
| SHA256 | e575f3dcbe55aab29af1de4c6afe36567a36a6031872f11237bb65a9b2bc96cd |
| SHA512 | 58936ca210a2f0ec7ad1cc88d9eb3f8419a7c966d63ef49992d8722827907ee35ce501f2411255ffe00f0e69852f3fe4d25eb5b31011d1a826af1b2bbd7251c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 869304f9d02d66d6ba92d39c6352f4a5 |
| SHA1 | 824ebeb706857f007941b66a958573b34ff3d537 |
| SHA256 | bde71a0d3b69d2040190fe681162bace8fd03add81d183c54ad5cc809d4b5738 |
| SHA512 | 09c33f40918bdbc5123fe35e9cd01e5fe300a641879008785b9d1eb181032c285251fbdecff876e0406fa1baf49acdeb0b63e76439cbb7015fe10b0fcaf6ca56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c63f9f67ba9bc4778927c7f2273d957d |
| SHA1 | c30e426f706244e037190b141133b4083584a2d5 |
| SHA256 | 529377b6223f8741d41c0133741c74934bce9f7175a424e4aeffb38a445c1d89 |
| SHA512 | e9a3e27d313129dc8afb022ef31d2fff7ed30902a7213119e060af4bc632dcdb25282b2d33f9d4f1bd43626b9ac4395eee7dbd92fbf5fb8f49f963a42fa9262a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 61cd5b305856969c890920281309b74f |
| SHA1 | 21edaf6fc6fb087e13044004d5c05076077bc03f |
| SHA256 | 953dbd6257b363f4ce789ae72dfe4d3418663e2dae417d0369bd5f88f5bd3085 |
| SHA512 | b7e9c941c9e31920ae26e11adbdac6e032eee84b847a62d0d1d18cfd69ff29568e3c34be9715148645cee92a0bb126b7509ed9eeda29f15801df49efd191da30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35e94d06323c1d1599cfdac5a225c2f2 |
| SHA1 | f5732c4c60a0e62ae778bc98269f373b8ab20bc2 |
| SHA256 | 8dc48be7d0d28e2b9b75adc0e800d9304f181e04ad942193439af1f69339c0bb |
| SHA512 | 7d3fdfa552a6b9230fb2fc4afaeb3b67942fa58d5124a08a3dceb05541cafdc3217236ab7877abca1db8bc708396ff63ddc0dacb3697840515d0eda5913dc91b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8ef171b21e3050fafe9d9992a7d5e1b9 |
| SHA1 | ee51c7b92feea25f953c14fe8a59499eb89e1174 |
| SHA256 | 0690bbec232581d829acaa339e3b7303e8cc0cfd78682103d7187c4d1d14d256 |
| SHA512 | 44fc04b9c5a7ce506670401512b5b1f8a2e64db3324b40ba0b8d9e5230af174cca9f1580dd0820ceca4ed49f05f286dbef742f3e708f79a2d8269db013404553 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 06f4d214bf78af9773d4e3c1495758ab |
| SHA1 | 1482f338a3586df8cf7f1bf51ac3587f877607d0 |
| SHA256 | 6f3ee9ff582e77d901bd934b65c89801896e794001f5c88adfbb49afb1e03611 |
| SHA512 | 03a51f5829a41fe272b88c87377e6d9bbff2437cf5a4b55dd03951fd56491cb2636e81a60db12f3fca51390aa53a2f82e2149de626f8af935454e2819fa48f1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7a769ad25f28b2d84da316f5e47b7a5e |
| SHA1 | db5c891210cb9228e1ef58f3d1adb3e481694ae4 |
| SHA256 | ea7e825ee006e21b0348dd5f7211ff8d8ae17f0d44f70369ef4e8193c7814e0d |
| SHA512 | 60715466cf5863d652e613d6910ef3a8e2e7c21673266c01853b5d472fa9dc9cdb990357cdb4fc2f4c38a5b1c3c60423954d7b9b65eabfeee1b285f506a9aadd |
C:\Users\Admin\AppData\Local\Temp\posterBoxHxWbvBAiIg94Y\ZunTSaNJLBVfWeb Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\posterBoxHxWbvBAiIg94Y\QdX9ITDLyCRBWeb Data
| MD5 | 21363921c6943b0ba12e8c3cbd47a7fd |
| SHA1 | 03bb94c70b12783c4d1962cc7cb9f752ff8a9a54 |
| SHA256 | 2f023e72c5bc9804a60441c14980fa8de30d3118e3d7ce67d8951989b1d90c4a |
| SHA512 | 3749d95295a281e18f7eca6bdecc45d0d08bc98a4da5d5b8ab21cd5022eed125b1b7a4b96c70ed486750be4eabd4da325ab9a7a1fb497dda4c4f30f9adf8da43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\grandUIAHxWbvBAiIg94Y\information.txt
| MD5 | b45de444b95a6b54be621ed0c2a3b27f |
| SHA1 | aa5fdac929f254c2915a11d801a7e9d14ab6f4ac |
| SHA256 | 19c78efdb995322603ba4937efef7588f454c084eb4de667941cf5b4774d1483 |
| SHA512 | e77283233210687dc1c1712c6c3c2b0a2b3df394b4d150da92da5d8fcc554ede224326e9ed24c06b8462ad9b18141a13b326be3a391121e298ece66471ddbd7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97adc9204339b612196a7a2aa896561d |
| SHA1 | 939a3bc7d01776703e978d0a090433a0ff341680 |
| SHA256 | 9c09b0c468f7c21666c3d6a3c81cc299c2b96954ac3281eb1dcb3732a05c7b2c |
| SHA512 | d6e76c32e39b3a9b2da7d75e7628ac3451aec34c68c3a7bcb27552fd2fb3aeb4db4cb09570778402e6bb5069f954cc16150cdc694a786e75f89ad56dc4ea6ab6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5ef7c3f8d5b8a3e180f87a62d62b521 |
| SHA1 | 226e3febbe634c3c5fb74708a4d1a34b4db88913 |
| SHA256 | 57c49f3daa2cd58e13847e7449c71acba40a67c0472b78610fe8c17937b2b3a3 |
| SHA512 | 22fe4cdb0f3a01af96f91101d332ba86d127af1703695765fe23fc444816e66954ef789720b681f176a908b91459fb66564828688ee4079137c83b8a2cb39bda |
memory/7524-681-0x0000000000B70000-0x0000000000C70000-memory.dmp
memory/7524-682-0x00000000024C0000-0x000000000253C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e30738d93d6789672ce8e1c4bfe275a8 |
| SHA1 | ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc |
| SHA256 | 7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832 |
| SHA512 | e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65 |
memory/7524-695-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/7524-743-0x0000000000400000-0x0000000000892000-memory.dmp
memory/7524-744-0x00000000024C0000-0x000000000253C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c2f2bbfe77b3bbae3541c756b00608d |
| SHA1 | 5de5aa8c277a62216a5047eb0537c6a2adeda322 |
| SHA256 | 8262bb09a1b0480d952afa6e00c21fac1d47e0cc0fdd55ac009fd010182aafbd |
| SHA512 | 014a77b711ac390a7e418934d2e39f9eb8187a09d41071ca0651153da4f36c8283652277daf54926ca1d957c150be1111c61fbfbf73874bd635042171f4b1d6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69970320c9daeb640da9b7895b5bb9ea |
| SHA1 | 6f5a2cc3f42a4ae98a57d5dc0b6614aa10bd3a32 |
| SHA256 | 92c985b62106ce9f6bc9569c65aa95ce2c4400bd757f7a7dd57947b1e966a710 |
| SHA512 | 842ab1cc95ec7186240d1fb0ac9cc8019a19c66f40025a8d39fd42c31ee81770fc4b63bcd4a6617302065a61e82227b86bc679446f92be7e725c7a673937cf21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5850ab.TMP
| MD5 | 852527856824e9ae7a977053832422ef |
| SHA1 | 5bcb857cccdc6b7b53b5ae5aa3f56ef1d214c5a2 |
| SHA256 | e7a60b18151fb31e30300f8f05e7fc177e8bdf1e18d8f0dcd5aac69c6ac51987 |
| SHA512 | a47582db143951dc6ee86be1b90cf02a7cd7692e5ea45bfb9ddcbb5ce347a76b98627bf4eae343ea8c96f09859543b746bf2f58bbfd397e49b970738ef7506b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8924c1b-be94-4d86-880a-5c1012bdd04b\index-dir\the-real-index
| MD5 | 2a5766f763e8e9596d4ea2de6ad98a83 |
| SHA1 | 29b29dde29a130021b5181a103ce088dc8c454c3 |
| SHA256 | b21a63c486009d34b06625d8a009dca8c05e5d7a41ced1a2fd97e754d78eb836 |
| SHA512 | 4bf5e2d9d46f42c6ba9aae12ef5023fd78044d27c608a211841cee1f80ecd7f8cef6b61e0a1220bf319e6a1991b73e02d6eafbf33071444b08dccda77f084ea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8924c1b-be94-4d86-880a-5c1012bdd04b\index-dir\the-real-index~RFe586963.TMP
| MD5 | 6efe0b38d2eefffedfd22343c83d9c1c |
| SHA1 | 55c97dc42e90d334fdcd6e49eb0cd1a2fdde617e |
| SHA256 | f2a289d951a5dc4c31c6e9210b3fff1fdb739c0f2fff249f709e644a786217b2 |
| SHA512 | 23218692b36ca0016fa882aef3b1338538e361c03b42516da42e78b2a81e4765aa6b96c5434cd1d51a2f7a8d99a21797767e4349cffd79cb5f59318e8028e72d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fcba32b5a44b8fd90f3281806e58bc99 |
| SHA1 | 555fb0237f76038f1f00a48383e901fa528b8c37 |
| SHA256 | abb19866e8d52b734be7a70fcda0aefe47f94c0850b08eb5353caa5617643a62 |
| SHA512 | 7cbe2bb65764b4637cb44d6374c8a32c1d009ab226a823c75f1eb7a2eae7a927d3fcfddfefaca7f8348c4e83f764bb5fac541f16db0a6aa7082a510029e42e28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 3203d9b8700fc2f515aa84a6c6d6992f |
| SHA1 | f2dea2c26b06142b284fa5e6c71c18c41ad1a9da |
| SHA256 | 9c98ccdecf49807df658a88e7624e55847e9a21c26fe87726bbfbcf332d649a6 |
| SHA512 | bbc1130925a55961f8feb8cc54887f107fe23678af9d7b67bda1cf914b8efb08ad9e04d48fe0f1dc808652c026730a3b3ae45e097a8dc73c0a9b90a457a90176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 413ef461bdb2461a1c4c9ef12a7489e2 |
| SHA1 | b47c92ef311a92580318854ac22f7c7197d9ae4b |
| SHA256 | 5dfc8e37fff7ba46be690cbd22f072814694d272a79b0c7451f4436f38873a14 |
| SHA512 | 63a860f165f07d70428f6d774a2490246e2c5612a7bedd9c98ea9d2aa06b658f6a920cdb36eb5cd48c05b930328827fb427e595d4a04cccd6ef1051729e51245 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec7c6ad49698617ef746e161b8777cca |
| SHA1 | 39aca18d24682fe06d360ad147f20510160adb51 |
| SHA256 | 410b56e8b1aaf2f96f19b739b7da05e77a1852665fe4584af906b679aa1c6843 |
| SHA512 | 39729f329c316cd09e524ac6a8e25d2bfc28aef9be3c85cabb7292359c146e2399e26c10f9db43c87562b98f3434951be1ebc07b7088f891bacd0a0f9b695c15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4c5ad30a82dbd577d1f41e4b0af1d296 |
| SHA1 | b82b38f18d90c6bc23c44d72bf8b6cc4d126d34e |
| SHA256 | 334ecd66da18433f5bb83e0bbc591d238a01bfb742fb449a733dbb29481a2089 |
| SHA512 | 541ef173f4ac280d046012da4f77e43a84ffb5ed96d94a3085ee3c23057aed51476f205c686f4202259e7bb01b23e2391dbb2e245d28a22baee47240aab7bd1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a4c7.TMP
| MD5 | 4c92fcf8b3fc248c91b06aa5f33301dc |
| SHA1 | d4429b9915ae5d4a1b631bde296153fd5cd0eb0f |
| SHA256 | d8c6573beb856b5c391c81f497573fdbbbe66892a3de201617a6206f5c08dc04 |
| SHA512 | c423cfb34c9ff2ef43655353fd476e9ce2098278c576b20bc7c4f4b35e8c0a5d63cb59e27d36c27d15e1bfeb03728473ad21c892e12ba42792c953c3e0852727 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 72c606714f61fbac5e14af7200966e33 |
| SHA1 | d14a68fe13b4d76a2114d023cca5396d99025416 |
| SHA256 | 25c3577229e2b88f749a7f4c62bc2a969d28d5d65a11acb9471466f4fbb91143 |
| SHA512 | ec25d71fbb14ab7447c719c4ffb24b9c8e252234d91870f3e6e0f6117b5ec362661933495ba84139a882d478e9eb9d340330c2d2e898ca183dc44d788ebe865b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d09a955173de149214de8245d0b645a |
| SHA1 | 603aafb7c104b7e77d792e4ec1f090b734465f59 |
| SHA256 | f18f9363dca81c57ec6500f56341b8a24f02b71843418ab4498674d8874b9bd8 |
| SHA512 | a5903e609c09dc77ca64282f0ee0e740c541d04b0508b59fab4a7655f6636be00772043cf520935805755fadabb3f17a9d412216c0658dca0aaaf0d353e81a2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db2d3cde32081633b8c0a0e318b40b3e |
| SHA1 | 80dfa954b06cd4c3306419b43d529d73324d2f66 |
| SHA256 | e465a7dcbf36fbaa826b2e0be6df45f677b421266d40c11d32cca2fa98627053 |
| SHA512 | 75639882056679548ef565ace8568d206be3d07ea1e1a891dc94b8e5347ff4120d264373bfb192b66bce4f021170faafc4e3073a68c37b483d8ca59f95837e23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8469e228b624b6972927dff57002354 |
| SHA1 | 5d8627e433270d149bce12e0a31929ecc66d6d86 |
| SHA256 | 35c338a78ffef65b6866db5581634da5d5072d03abc8fd075c9bd0c0a68dac33 |
| SHA512 | 12aef9d3d05761761aa098ccc2001f1eb04db2d5885048aa615fd71ab980c842ff5e1d49995995ef5bc376dfdb98a0f9829d854c673db6fc41f441b326e9dede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7dd7754d-064f-41aa-bace-3211626e7cb0\index-dir\the-real-index~RFe5906fb.TMP
| MD5 | 8bd883f5817d0e408a7267ddb968fa4f |
| SHA1 | 8fa720449f04c5009e30ac9aa6f540aa725947d7 |
| SHA256 | 9e00427d2b476c2f23a6480f9cd9b73947d03d91fc8467182811f544a6644198 |
| SHA512 | 58535fe1310e5a1ef28b913390b31ff03cc55e1d68978dcb615b6cac1c9886d2f0626f3edbcc4630d673204d2802bc6a3ea6ca4cf9d71c227b113c55a14f8ae6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7dd7754d-064f-41aa-bace-3211626e7cb0\index-dir\the-real-index
| MD5 | 62922966c97271ac916a55169c763062 |
| SHA1 | b29efca5d7a69dbd8f46d71277f0f9657bfc089d |
| SHA256 | 26368430c8bceed28bb447bc9fe7ec0ce7f7752419ea3bb3009b34e8feb0d2d5 |
| SHA512 | 688b5a8740d1d76c8adce0ca80a2d21cd90923673c7d8b4a85316ecf88b21114c26226f16898b34b93783475d8f447cc7858e12ab04ec092dd01aeea1053ac6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | e886eb25b42b664a6768f2558fd927b8 |
| SHA1 | 9cc7ecab5f76a613d9709fe7c8a397223bdaabfe |
| SHA256 | 1c0b7a3929a467e1a305ab54d15309799fd935c60bab7ef5b106f1d1fb51bf37 |
| SHA512 | dcf71e1d5f5326bf97f87c25cf02cded3da7256566f5fe31e8c351ab637f3925c5df6d50a83e7b08444f664968bdd81a01d5dd104c75bc669ebc8c321f0253d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f76773c608048d4f226ca5ae3fdedf4b |
| SHA1 | 1c074398b9dc3773caf9aebfc2f6aaf7dc1d6961 |
| SHA256 | 3d568015fa6139b5c6d96821a108f3a9afce8acdec966eda6218ac2e5a59dd53 |
| SHA512 | 996d03c3e98d25bd1d9287b4c549eb6168c5fac6371f735a450e838cf111b2333a6339d885c9d2df8974850f306fdd779d30c6a4dde8cbf76c646df9aea6ca9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8394882676f647d975fbcb0ddd800574 |
| SHA1 | 8cc12eb1c47519bd1beb67b88b954c20296f94cd |
| SHA256 | 82c10094bb0b97f1e0ead975643223fa027f19947bbaa6ec011c04a27e5d1185 |
| SHA512 | 30e5234ecaa038772a89c2f7ac99bd3897dab51737cb5a5118cec89dd6dea43fc58a289061316d594f3452ef60cba325fe03d0a459b38e2e03a6978f9056ecf5 |