Malware Analysis Report

2025-01-02 04:21

Sample ID 231214-h4af5scafr
Target ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724
SHA256 ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724

Threat Level: Known bad

The file ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724 was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

PrivateLoader

Detect Lumma Stealer payload V4

Lumma Stealer

RisePro

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Executes dropped EXE

Adds Run key to start application

Accesses Microsoft Outlook profiles

Checks installed software on the system

Looks up external IP address via web service

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

AutoIT Executable

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

outlook_win_path

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

outlook_office_path

Creates scheduled task(s)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 07:16

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 07:16

Reported

2023-12-14 07:19

Platform

win10v2004-20231127-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe"

Signatures

Detect Lumma Stealer payload V4


Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ipinfo.io | N/A | N/A
N/A | ipinfo.io | N/A | N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Creates scheduled task(s)

persistence
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Rows
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 14
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A | 2
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Rows
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 20

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Rows
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 4
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 17
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 1
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 8
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 4

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Rows
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 4
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 16
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 1
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 8
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | N/A | 4

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Rows
PID 2148 wrote to memory of 2840 | N/A | C:\Users\Admin\AppData\Local\Temp\ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe | 3
PID 2840 wrote to memory of 2184 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | 3
PID 2184 wrote to memory of 3196 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 2176 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3196 wrote to memory of 1080 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2176 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2868 wrote to memory of 4724 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 3600 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3600 wrote to memory of 1588 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 3936 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3936 wrote to memory of 1000 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 1324 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1324 wrote to memory of 4616 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2184 wrote to memory of 4780 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4780 wrote to memory of 2160 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2176 wrote to memory of 3316 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 30

outlook_office_path

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

outlook_win_path

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe

"C:\Users\Admin\AppData\Local\Temp\ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5053092882935441660,4848314511557700160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5053092882935441660,4848314511557700160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4872906805102882381,2907111656400272730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,17377629797612866285,5862268556061187710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5156715122570517320,2539988886317501782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4872906805102882381,2907111656400272730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,9324086667297823185,18164800019167397263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff970da46f8,0x7ff970da4708,0x7ff970da4718

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6520 -ip 6520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 1716

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dN3Hk68.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dN3Hk68.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 7440 -ip 7440

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9894016064763188085,759500718510619152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
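The process list above mixes hundreds of benign Edge helper processes with the handful of lines an analyst actually cares about: the two schtasks /create commands that register OfficeTrackerNMP131.exe from C:\ProgramData with /rl HIGHEST (hourly and at logon), executables launched from IExpress extraction directories (IXP000.TMP, IXP001.TMP), WerFault invocations that name the crashing PID, and browser launches pointed straight at sign-in pages. The following Python is an added worked example, not part of the sandbox report, that tokenizes Windows command lines and pulls exactly those findings out; the sample list is constructed from command lines copied from this page, and the directory patterns and the sign-in URL heuristic are analyst assumptions, not vendor signatures.

```python
import re

# Constructed sample: command lines copied from the process list in this report.
SAMPLE_CMDLINES = [
    r'schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST',
    r'schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST',
    r'C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe',
    r'C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dN3Hk68.exe',
    r'C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 1716',
    r'C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1048',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin',
]

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Assumption: directories an unprivileged user can write to (task targets here are suspect).
UNTRUSTED_DIR = re.compile(r'\\(?:AppData\\Local\\Temp|ProgramData|Users\\Public)\\', re.I)
# IExpress self-extractors unpack their payload into %TEMP%\IXPnnn.TMP before running it.
IEXPRESS_DIR = re.compile(r'\\IXP\d{3}\.TMP\\', re.I)
# WerFault.exe is handed the crashing process id with -p.
WERFAULT = re.compile(r'\\WerFault\.exe\b.*?\s-p\s+(\d+)', re.I)
# Assumption: a URL whose path contains signin/login is a credential prompt.
LOGIN_URL = re.compile(r'/(?:signin|login)', re.I)


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double-quoted arguments."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(cmdline)]


def parse_schtasks(cmdline):
    """Return the /tn /tr /sc /rl /ru values of a 'schtasks /create' command, else None."""
    toks = tokenize(cmdline)
    if not toks:
        return None
    image = toks[0].lower().rsplit("\\", 1)[-1]
    if image not in ("schtasks", "schtasks.exe") or "/create" not in [t.lower() for t in toks]:
        return None
    out = {}
    for i, t in enumerate(toks):
        key = t.lower()
        if key in ("/tn", "/tr", "/sc", "/rl", "/ru") and i + 1 < len(toks):
            out[key[1:]] = toks[i + 1]
    return out


def assess(cmdlines):
    """Return (category, detail) findings for a list of recorded command lines."""
    findings = []
    for cmd in cmdlines:
        toks = tokenize(cmd)
        if not toks:
            continue
        task = parse_schtasks(cmd)
        if task is not None:
            reasons = []
            if UNTRUSTED_DIR.search(task.get("tr", "")):
                reasons.append("target in user-writable directory")
            if task.get("rl", "").upper() == "HIGHEST":
                reasons.append("/rl HIGHEST")
            if task.get("sc", "").upper() in ("ONLOGON", "ONSTART", "MINUTE", "HOURLY"):
                reasons.append("trigger " + task["sc"].upper())
            if reasons:
                findings.append(("scheduled-task persistence",
                                 f"{task.get('tn')} -> {task.get('tr')} [{'; '.join(reasons)}]"))
            continue
        image = toks[0]
        if IEXPRESS_DIR.search(image):
            findings.append(("iexpress payload", image))
        m = WERFAULT.search(cmd)
        if m:
            findings.append(("process crash", f"pid {m.group(1)} reported by {image}"))
        if "--single-argument" in toks:
            i = toks.index("--single-argument")
            if i + 1 < len(toks) and LOGIN_URL.search(toks[i + 1]):
                findings.append(("browser sign-in page", toks[i + 1]))
    return findings


if __name__ == "__main__":
    for category, detail in assess(SAMPLE_CMDLINES):
        print(f"{category:28} {detail}")
```

Two caveats when reading the output: /rl HIGHEST only produces an elevated token if the /RU account is actually a member of Administrators, so the task's real privilege depends on the account, not the flag; and the WerFault PIDs (6520, 7440) are only useful if you cross-reference them with the process tree in the same detonation, since sandbox PIDs are not stable across runs.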

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 twitter.com udp
US 3.232.47.168:443 www.epicgames.com tcp
US 3.232.47.168:443 www.epicgames.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 92.123.241.50:443 store.steampowered.com tcp
US 151.101.1.21:443 www.paypal.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
US 104.244.42.129:443 twitter.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 104.244.42.129:443 twitter.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 168.47.232.3.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.92.85.52.in-addr.arpa udp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 api.twitter.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 172.64.150.242:443 api.x.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 192.229.220.133:443 video.twimg.com tcp
US 93.184.220.70:443 pbs.twimg.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 242.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 70.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 3.231.98.65:443 tracking.epicgames.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 12.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 65.98.231.3.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 204.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 104.21.80.57:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 104.21.87.137:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 104.21.18.224:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 104.21.74.182:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 57.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 137.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 224.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 182.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.213.14:443 play.google.com tcp
GB 216.58.213.14:443 play.google.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 192.55.233.1:443 tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
GB 172.217.16.227:443 www.recaptcha.net udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.103.202.103:443 api.steampowered.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 193.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
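Most of the Network table is the browser loading PayPal, Steam, Epic, Google, Twitter and Facebook assets plus the sandbox's reverse lookups. The rows worth pulling out are structurally different: domains that were resolved but never connected to (the four .pw names), TCP sessions the sandbox could not attribute to a domain (193.233.132.51:50500, 192.55.233.1:443), a connection on a non-standard port (50500), plain HTTP to a cluster of .fun domains on Cloudflare addresses, and the ipinfo.io request that the report's own "Looks up external IP address via web service" signature refers to. The Python below is an added worked example, not part of the sandbox report, that parses rows in this table's format and sorts them into those buckets. The sample is a subset of rows copied from the table above; the TLD watchlist and the IP-lookup service list are analyst-tunable assumptions, and nothing here attributes a domain to a malware family.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the Network table in this report.
SAMPLE_TABLE = """
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 soupinterestoe.fun udp
US 104.21.24.252:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 104.21.80.57:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 252.24.21.104.in-addr.arpa udp
"""

# Row format: <country> <ip>:<port> [<domain>] <tcp|udp>; the domain column may be empty.
ROW = re.compile(r'^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+'
                 r'(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$')

STANDARD_PORTS = {53, 80, 443, 5353}          # DNS, HTTP, HTTPS, mDNS
IP_LOOKUP_SERVICES = {"ipinfo.io", "api.ipify.org", "ifconfig.me", "ip-api.com"}  # assumption
TLD_WATCHLIST = {"fun", "pw", "top", "xyz"}    # assumption: cheap TLDs worth a second look


def parse_rows(text):
    """Parse the whitespace-separated table into dicts; raise on a row that does not fit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def triage(rows):
    """Bucket rows into the categories an analyst reviews first. Returns sorted lists."""
    queried, connected = set(), defaultdict(set)
    plain_http, unattributed, nonstandard = set(), set(), set()
    for r in rows:
        dom, ip, port, proto = r["domain"], r["ip"], r["port"], r["proto"]
        if dom and dom.endswith(".in-addr.arpa"):
            continue                                  # reverse lookups are sandbox noise here
        if dom and port == 53:
            queried.add(dom)
        if proto == "tcp":
            endpoint = f"{ip}:{port}"
            if dom:
                connected[dom].add(endpoint)
                if port == 80:
                    plain_http.add((dom, endpoint))  # cleartext: worth a PCAP look
            else:
                unattributed.add(endpoint)            # no SNI/DNS the sandbox could tie to it
        if port not in STANDARD_PORTS:
            nonstandard.add(f"{ip}:{port}")
    seen = queried | set(connected)
    return {
        "dns_only": sorted(queried - set(connected)),
        "plain_http": sorted(plain_http),
        "unattributed": sorted(unattributed),
        "nonstandard_port": sorted(nonstandard),
        "ip_lookup": sorted(d for d in seen if d in IP_LOOKUP_SERVICES),
        "watchlist_tld": sorted(d for d in seen if d.rsplit(".", 1)[-1] in TLD_WATCHLIST),
    }


if __name__ == "__main__":
    for bucket, items in triage(parse_rows(SAMPLE_TABLE)).items():
        print(f"{bucket}: {items}")
```

Run against the full table the same way: paste the rows into SAMPLE_TABLE or read them from a file. The parser deliberately raises on any row it cannot match rather than skipping it, so a changed column layout in a future report surfaces immediately instead of silently emptying a bucket.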

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gg8Yw60.exe

MD5 d720c9bbba03a8365dbbb52307aee3eb
SHA1 101ca76b7e173f34e2800ee704221c9de31c44c1
SHA256 b181286f044c1aa60ec533948168de84877e879396958ddb1493d43504c1c10b
SHA512 8ef6239a6bd5418522437c6a8397140c7d64b85751167b45ee3758ad42e12c6180b4002a9e7c21952ada1eaa3914b77f53fef4c50ca98d7f46e78252a5bf4294

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xA71Ml8.exe

MD5 aa7c6cbcc6a67632dd5d029056950506
SHA1 ead2b696e1fc88c7996a12396102882c05aec775
SHA256 4ac991c189f978c8fe1eadc8e45259fbb37389be280eb12189f8fffcb634b6f9
SHA512 14c3c10ce6b018b06cca9fb8d13e76c86a670d3ba02e8c218f6a961767c65f1c3e094a2f6ed7ee919af28ab2b1528e4327b04e2e6aea73186a5372042e9af103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 001e6accd2295500f29c5aa029f13b83
SHA1 ab18a2236828927b4c0927fe97991f395f587b9b
SHA256 488b5425924289b246663eb3e7820375e20335c948e1116c5e06a46ab6306df9
SHA512 295630689f1e63fa6d9f32dcbf54df669d87570deb0cb12b7b2f804a02a54fc5c9a8b94da3addbe0398da019816084ffd6639a9430e868500a5361c9c2eaca95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9757335dca53b623d3211674e1e5c0e3
SHA1 d66177f71ab5ed83fefece6042269b5b7cd06e72
SHA256 02f0348e2af36f2955efda1613dc6480f1c68c8e55f19590b7b58e9355c6a940
SHA512 f13351398f5dd5b6cf638b174dc50ddc782b690c6d4736d48941923a3425b5dff4a9aa0da22773e9abc9559d40f020f268018db902e0a7772b7b1f4d21126f21

\??\pipe\LOCAL\crashpad_2176_FJSPHPBSEFVCKVBF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 abb1754e9b3985d4e5d72b95a782274f
SHA1 d6d7fb99e9be151789e2a582e665d436e5a8928d
SHA256 6bff2502491b8e1a4ad843479b7d694f7b0f1c014071983c5c8dab3a8ec84b54
SHA512 3d43638a050f442edfe7adb7703898f4c5d0500b2100427b94f30aa1f3185b77bd536c99dfcbbe5666c48fffac37790b87593fbf7822ea2646f65f0370ba2889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 37e9f037b4cd3c68bbca4edad799e4fb
SHA1 bbf8a4e22e04d436e4d2bd88641f3d3def44b63b
SHA256 0dd9645f9624d3541ca5d2c9483766d7e9a03c564bdd0965ad3e2f6503b37f6d
SHA512 d556b40d711d5ab02c24452be15d1895930494ed037ca9ff5c9fe4fb48dcf948dff7d6c92f7c7413c0e17c4d2de0e09d5264d470a98460b2e23543526173a080

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b0dc7ab7ef4e1b45a4df7d43365aec5
SHA1 dd11755ddf57f078811deee8a5abcfeba184f0d9
SHA256 4d5e6a2110169f4fa9d17a8cb2f20fdb0bead14629bca7bca8e67ef01b21891a
SHA512 63fd944daa2ee88d48d9dc53d3b345b68c71504f56439d9497a11304b25b59df9e7c9e7a1dd1861fe425337771b61371e6a524e5698fae3197773aa404e8b0f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4271e1ba96c56eb75615fa140b46e20
SHA1 7b1208c01d0c64a1f34c355d72512ee41cfc3cbb
SHA256 2a2b81cc98aaf1e9fdbfb0e29b69b261f1352086790c98987917fecf2d8caeb5
SHA512 95718f24b6ab8c219f5975d07fff9752bb737fdede82d54ba83b94e5dcb44c49b981e5f508509d7613a4086125a95b31fb75fa5dfc8164ef6468e448617484f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 078451fae2eb96e7dbacb0b54216be68
SHA1 9a2db89d324ed8558b2d986723d6eda539447459
SHA256 1322376b9e6e28fed14174f624402aa4197369776f94fba16726518765c949c9
SHA512 1285a0545f9d7e79d1bd185b35bcd0a862c8f5156e1fd3cf45434c5187087c3ff8ed197df5414ad8923cf8d6f5b7679e7f184b2fb25ff9706203c2b37f1a71c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4bf6bb8cfeb9808c55c230e104491072
SHA1 9b5cd7065056920fb3c5694b8785f90a309ae213
SHA256 d0561d04a41820a50a196f0ec9dd84057af6e47298f75c6e4528b03584d62a90
SHA512 2533eee84bb4da466400e8f571a0082f77b461048f242a8ceb43fa24f5b7e440e1f65909b0de5e9560f7d7c94b760cb716f28225c890896c7b4236098e68ea15

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2nE9828.exe

MD5 ef5c1ec128ac1822358d9281dcf3b710
SHA1 e0c8a7594d258b02e691f0bf85a289490ee4c110
SHA256 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9
SHA512 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e

C:\Users\Admin\AppData\Local\Temp\posterBoxFYQauopkUdTZP\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\posterBoxFYQauopkUdTZP\QdX9ITDLyCRBWeb Data

MD5 ce7f99b32cf0d8473697dfcf8fdcc1d7
SHA1 001451a4f514f593a55bcf2c50a3a22a926a7231
SHA256 8a57ebc2f09a2c28da6e9bfd41e48953d06c99dddc7103df08fefe90d446d350
SHA512 20be27aec29b8666654a8ff2ec43738e2727073611fa085a26c672f36c04e42b0688b1c146b23c3d188a2f9a5483b9a057064ae7a293064caba2dbd55bf81767

C:\Users\Admin\AppData\Local\Temp\grandUIAFYQauopkUdTZP\information.txt

MD5 9663f3f70796b8b44b447ed0bec2c8d1
SHA1 7a6a275e95afa75cb44c9f4c24daee2c53e013a9
SHA256 b34a0b6815fe3b65f54dfa3671871ae4baf5959309759dbd7aef1095551da1c9
SHA512 fa4de9b36bda404772615f57636e75ec4570573ed9ca8498026296fbfc60602b39b23ae6d1acfcf25854c2e468ffd21dee99fcb1bf1671fc002e09eea527c3d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89357eb544101d1f64c3ea2a4022c9ca
SHA1 c6cd5114f299d689c203ff5e8c93bdd8631bf780
SHA256 b851716aead4922936b8091ed71ace316239c52e8c2029f92de8ae26e7feafbd
SHA512 2fefa5a2d9aa08d027e1274295b2654e5d7dbad30b6f38736431782b6a248d4655cca1c970959ebaea6ac68255a00fe731c3234c93eb602563bb62d344825814

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 449812ae104964c1adb5bc7e6304ac9f
SHA1 d4c5e6e0ee1249bd12d94ca4ad6f9f32babf8dff
SHA256 160dd7c16f079ae06543cbed7d18c3eccf7f3cbb65c7090db18cf468c387b58a
SHA512 b35697482cfce7dea6f0420067b8b5a86673af50dfefcbf2bbb2eaa5d7aa1827bb54173a9f78f7d14ce8ef4e7febc12ec68d9276b2dd8728ccceffc6cc6ec5f8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dN3Hk68.exe

MD5 700a9938d0fcff91df12cbefe7435c88
SHA1 f1f661f00b19007a5355a982677761e5cf14a2c4
SHA256 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
SHA512 7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 c0499655f74785ff5fb5b5abf5b2f488
SHA1 334f08bdb5d7564d1b11e543a2d431bd05b8bdd1
SHA256 6aa332a4d21802b2dbcd08e153764da60f538ceb0daaaaf7504ba8f67c08ef03
SHA512 5f0cec6dd823f2b3ac62017383dbbf71ed38893724312ec75e73fb197e0bcd5418bb70fdfe9150f5ca495d5f8547d8a08618bdacb5010514a3cb1101437d698e

memory/7440-472-0x0000000000940000-0x0000000000A40000-memory.dmp

memory/7440-473-0x0000000000B60000-0x0000000000BDC000-memory.dmp

memory/7440-476-0x0000000000400000-0x0000000000892000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/7440-530-0x0000000000400000-0x0000000000892000-memory.dmp

memory/7440-533-0x0000000000B60000-0x0000000000BDC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa2f.TMP

MD5 bbce18183ee1287098be696880441b9c
SHA1 883185834420dd1cf15a6316d8725345a1cacd0d
SHA256 a07a21f19d76140ad88d1f936e25ba4f6291492355ddf885ff444b202321e9f3
SHA512 ef4fb9704f5bd7a513bbf2de54aab63fa04b4bbf207814c618232eec6e9a2e3fbd5000641e4846349ce5f0c3dfd11bfc5e022538ca69c103fb7d3f874fe538e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4af07d196d32b6b70dba040f22f09c1
SHA1 65d113d3b4238ceaa18cbed3e48c7312f632772a
SHA256 43b9f3827c49cf9324ad4c84b2593570bed535d05b3b97bc813c314854c50655
SHA512 f926d922f60905bf556abc5445f578ec55afd0e144b22fba88d00b63efaa550bda2c643ffb6f70453266a8009e2aa55522db7f83bbd50b09f2e80c000afab378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 802cd0fc9277f5c80347abfcad1d2e8e
SHA1 209882205b1e85674fc4ea754ff415ab8b487c2b
SHA256 077f6b060ba29183f1c8e8df32d8aa8c2d9d8f446c121cf50133861443bf71eb
SHA512 cb3dbbdca2ec04b4429e15eda2c247af80c602a2217829e4fc8946b1ae0d05e93888f1453dd2671f78fd2e3476f3532bd81008cec30055d4b09295df4edbc7fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e2a80f981aabea4bf08200f0229f8a48
SHA1 4471934fc63c4ddbdae5dcd7210388a4c8ddbdcd
SHA256 9acb610c53eb118c733c248810faf5af5c8db80e55402aedc1e617cc7e5d72bb
SHA512 b2e8ccaa254f93ff94972d9818afad218d67521a756172e504a51919aa2deb8ad3d6d42a40e1ff65fa08edd76c667a2feda77ec684513a3c70ff3faf6d10f2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 311da96f85344e8a4d0f9f1a55b239f4
SHA1 372ff5806eb52d23e5c1579b729e09c203827e6b
SHA256 c8aee2ccc60be54779c159756f6065c27e9d165f1e67a0e9d236cd1ebfac113b
SHA512 0326118f81a20b4855065039ccfbecf96a761d65f6cf92882470464aba156574cbbf3b0ec67348ce1a80d04912d6c8ef739050750d4db74449f1a560f6901102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9c0bb5ce975c007080f6f00b49205bc2
SHA1 77a5ac1db342ed54374d2a3eaec90e5e5f06033d
SHA256 c41cbb90c24ac8e284fea594b777297e0e45da3982f3590840b766ce00029c96
SHA512 d249006974bb95e75c8146803cf3eca9d208a5c84ea1bea40e8462a734f16551afb031aa3f4a92697d303aa2549afb73bd85fbe1b739308a526cbca6995001ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6e893a9595ae39da5512762481a41d9e
SHA1 aca6fed85fa9ac0dd8ae3247fbc71ee5b3d176c5
SHA256 c855e25805a9969f6ed8dfcae2cb1f559e47f814392e80d36999e766c168ff54
SHA512 309206276bd488a5e5ebcb8b9f82b00a1296504620a445e495e5a731325195378b49befc1ee4e9b9dad748ad3710f4fe39842ea27ece07f5b0cab465906e2123

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee5ce99f42b2be7a12c71e6a960ee960
SHA1 6268036eb2183e474f2dde9f27830f5d634288c3
SHA256 0c141bc8648e841583b79944088f9a29fec9d786ea57d3584fbc23e363f4dda2
SHA512 4e0eed18d91dce7595dc82e3afe0e557afd4fe8dcfeab877530473fcd3a20507506b1b53bf8293360199f08f3062cde85b74a95df312ca71099fa71330199879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5844d4.TMP

MD5 25fbdb324e59b6a1eac991235677098c
SHA1 dbb2bcd3ef7d2f645eea5cd340ab1ff4e8582ac3
SHA256 756ea9acfef1cabe288ef523f675c088de5a3c9482ae8ef0adcb1ee5dd93569b
SHA512 75a801955c7ebc948d7356b5946fb878cef5248030aceb4d6a5b7a3b6c5b97ed0daac4434bfa4828be6a29bb140c593a520b31c027a802624f755ea901d2343e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 60b6116bb5b80122afe843abc7496aaa
SHA1 d1c6e74cd0b47e486cb3e5e3604570cbddfdbdd1
SHA256 1ffd206c4782070cd712d25ff08887c2f214552459d28f5b01cbaea0acdfb3b1
SHA512 a70ac4f8c32d54a59615f863d23db76584442be20f265f872ddf2dd56a0c9b529ab243ace20cca9b593a2c52b022411cce2c8b29e015e427724dd0da9bb6798a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c83b1ed017f227c922d948960b16365e
SHA1 d2d8461412b0c7fc0893698bd37c62a2d4c6913a
SHA256 222ef905f60560fed275cbb8d2de80cbe503a9eb73880011e7ec65e0f57e54eb
SHA512 8f75d6dc07c26a8ab2cff20fec02b3f2f09b6d76b59282f4253cba97bc4041be6246369cbadbf35c5e871008831a0627bbd252b4b674fb936223c59c1144e2f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bfa19324480b0a41275a2b08580d77ea
SHA1 5caf5dbd8c1494e4b8022f1aa683f4f533944d9a
SHA256 fd34b6469e74644098598a88e699ab0c3353696425662733c63e538b16e325dd
SHA512 8a67fa2c931ddfaf74d8d90c455b1e7d16d43bc5253061dd6ce3569d9be4f3fe613bdf0d811a99373e54aa08b705a92667fcd53aa0de617782b58efed909176a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d1ecdd62a169a32a4469702ff01ef56
SHA1 3cd820b2ac2e3b3830f118b54800bbc404281a79
SHA256 503587be6b7a9357352bd23cf4a1b01c32253ac85e1a13059dc303eed633ddf6
SHA512 e54a8d642853db94b268d9d1b0a2b5619167dc45d6e6440695f0bd853db377b17eb9cb9a3816a1f353b910163713805fe09a6e67adb8f958031846f13c39bed5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5380b6ad-6220-4aea-aeee-88ecd0f83c29\index-dir\the-real-index~RFe589c3b.TMP

MD5 8ea10e9142f3a677b22db422c958d952
SHA1 61f959691f778f241d77e7285c110738215c45a8
SHA256 1bab1e9ed27bd44d99114c3d0c20d295a5688ab4600ee69b5331f6b58f57d1ac
SHA512 67cb111d2b565ad4d5b28bf63fd48c6b3ca5173d7e940375d7425d34a05ad7d25def6c8dd66cd14dcb6519a44a3df1401ffa9c84aafeda9d8f15ff809c55a1ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5380b6ad-6220-4aea-aeee-88ecd0f83c29\index-dir\the-real-index

MD5 34ac7e1ecf87d8626dae201940fe79a3
SHA1 f3b45cd6f74a2229720d0257dace242e7302e17c
SHA256 f905a61b7ae8228dc3c2b5771f0aad87036d8147a3bc3c484646ac361c2c0ba4
SHA512 214e4fed5881efc2a306bf20b224d0b7c503d5022bea3ae09abdbd3ce853f7d4495c2771ea483b6a234693d326fabdd6250d436d9a830b8b41e7615d3ffb11ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 4f1fccaf7e3e3f5853febc3cb71a393e
SHA1 7e4e817f35e17bbd2de1623eab81818357901753
SHA256 af2f7451a663cca51d6ce54cc424d026bfc6881c8af711d9c41b60a2c1a944cd
SHA512 b97e4737445a305fc96cf91ac97cc3a7aee236a77f0d5a551ae76228b844348a67cda57432f59dfc13a75ed5a9e229a5699577c7605ff74e792c1265d2e277d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fa57bea1ca3097e3e074f6f073b1c70
SHA1 b8fa674556cf96cc472702e1a21b91506a139995
SHA256 5db8c2de0ebcff763360eef812b89c3979288bd0db426fdf9b72cdb0bab9f8e8
SHA512 99488c646aea0c3c2f3c66fa0180bae3b5aa024340c7f1be7a3709f059906aaf19de461729d521c5567fd35303bbf7e13836b3a2d5f866bdddc07f4417112f85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2670422daed84301747a3c0bb30df043
SHA1 76869804acf77e879205dfce224543c6ec2312ea
SHA256 036de296094404e9f52b57412d9ea6f7d9a94e4b3b74963ed6c235ca1a07e7dc
SHA512 f389441d749e2fd2954338c9fb79620b4e9bb969114fbca06b5cd6081ee2cd6241a49dbce29e432f87c49d9640fdba7b185deb04d464e7e77fc4cba2861efafe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9ba881ec74dd8a91aa97a00c01219d11
SHA1 8721386479aee5fbdc47961a97a9d7a2a95fbe57
SHA256 d3fe000ea7c1e84ef74dcd15a9b2b1db6757079e77d0fc14e3797aabd47cb802
SHA512 09f805dcd3ea7d91d5bdb8177366d1f631bb3d744ff0a291f39933b8150f9b8bb7471a6a0125fed3dd938f9a3cd2c4841cc6928e0654b06521cae324ce1dc765

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0734611cf914cc805b1bceab50a39103
SHA1 0d37f834157f484bc42f9c572f40e6fe3cc360b5
SHA256 ff8c9c25315eab6918082c796f6f48d1aa398ab2c9dbb4403d452d6429c08f83
SHA512 1dbd774bec4490556140b41175c6886bb1fe3d22ad9cfb55667ee2e3d36ec8f008cc967373725d693f23318289f2fad037db5e01cc1e59879e8087a00c406ba5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 06f44599b857e7c83754904cb0220a26
SHA1 ddc22721d9b6f31bda6ae680051a95f173237560
SHA256 92f4d2731df45788592b2ac0a7559b01c0ffe250adaa563d894deb5f723d59d7
SHA512 0d0810667c97d34f9e539ea354ac0b69f61073309f183a426e69a9577b9295f58891da11b1e6143291b15c74788b05f23980a5e7a4c29c1c184b1aacba61995a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fe033ff951fe1a72e792d8941df0d44f
SHA1 ce7156697999490ef661cdcbd06544bd2f4e6517
SHA256 b93a13e3ae89e3e46bc1476a65f933949f54ccdb4b4aa6fa28b4bcf22d9a0fb6
SHA512 6364514bc5bd23f77c26dcc1c1d44ad43dc92788ac04222a1e9ebe422bbcbb18d668e9eb96474c33d5426354fb1c4c3cc7149ff53aad12b6535d2c742c883740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 918226ea6148c43d55a1bb7583f84bb9
SHA1 b73e0a3927d6446b53fdcabb302a3f80d0674634
SHA256 42b8c54fc4df86024d7ce35c1fbe0f9f0fa806c4271f615b641b689adf4fdd1d
SHA512 fe1b4414a27677aea717f78a86a49a5052a4f208e8df38813b1bac7818c048f41aadd0c17d5b07cdd08a94a7e108a69c9260614e5faa0adc720c99adf1ab6172