Malware Analysis Report

2025-01-02 04:17

Sample ID 231214-hg428sbhhn
Target 1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363
SHA256 1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363
Tags
lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363

Threat Level: Known bad

The file 1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363 was found to be: Known bad.

Malicious Activity Summary

lumma privateloader risepro paypal collection discovery loader persistence phishing spyware stealer

Lumma Stealer

Detect Lumma Stealer payload V4

PrivateLoader

RisePro

Reads user/profile data of web browsers

Executes dropped EXE

Reads user/profile data of local email clients

Drops startup file

Accesses Microsoft Outlook profiles

Checks installed software on the system

Adds Run key to start application

Looks up external IP address via web service

AutoIT Executable

Drops file in System32 directory

Detected potential entity reuse from brand paypal.

Unsigned PE

Enumerates physical storage devices

Program crash

outlook_win_path

outlook_office_path

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-14 06:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-14 06:43

Reported

2023-12-14 06:46

Platform

win10v2004-20231127-en

Max time kernel

152s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe"

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

PrivateLoader

loader privateloader

RisePro

stealer risepro

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 916 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe
PID 916 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe
PID 916 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe
PID 2996 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe
PID 2996 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe
PID 2996 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe
PID 2736 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2640 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2640 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2796 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2796 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2640 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2640 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1608 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1608 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1124 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1124 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1124 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1184 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1184 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 2552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 2552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 4708 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 4708 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 4296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 4296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1688 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1688 N/A C:\Windows\system32\svchost.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1608 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe

"C:\Users\Admin\AppData\Local\Temp\1c0ca2c9b5f2f31b66becf51f6d1b01f8e59f768fd00fb0f1b3e286b8dd57363.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x80,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,10244502420489311634,18181371359419660305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11453176351397849477,6967875691514764919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11453176351397849477,6967875691514764919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10244502420489311634,18181371359419660305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x108,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12028221045078607817,6555539251881275954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12028221045078607817,6555539251881275954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15187087227260189165,15561981809111386589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,15846194609175446438,8076818158954363502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,15846194609175446438,8076818158954363502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffea99246f8,0x7ffea9924708,0x7ffea9924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7012 -ip 7012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rp4Me93.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7rp4Me93.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 7396 -ip 7396

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13751959284246917082,1666989470399325057,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8924 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.epicgames.com udp
IE 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 3.232.47.168:443 www.epicgames.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.244.42.193:443 twitter.com tcp
GB 104.103.202.103:443 steamcommunity.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 168.47.232.3.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 103.202.103.104.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 64.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 193.233.132.51:50500 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.132.233.193.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.18.37.14:443 api.x.com tcp
US 8.8.8.8:53 video.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 3.221.38.39:443 tracking.epicgames.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 14.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 12.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 204.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 39.38.221.3.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
GB 104.77.160.204:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.213.14:443 play.google.com tcp
GB 216.58.213.14:443 play.google.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 172.217.16.227:443 www.recaptcha.net udp
US 8.8.8.8:53 soupinterestoe.fun udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 172.67.221.65:80 soupinterestoe.fun tcp
US 8.8.8.8:53 dayfarrichjwclik.fun udp
US 172.67.174.181:80 dayfarrichjwclik.fun tcp
US 8.8.8.8:53 neighborhoodfeelsa.fun udp
US 104.21.87.137:80 neighborhoodfeelsa.fun tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.103.202.103:443 login.steampowered.com tcp
US 8.8.8.8:53 diagramfiremonkeyowwa.fun udp
US 172.67.183.217:80 diagramfiremonkeyowwa.fun tcp
US 8.8.8.8:53 ratefacilityframw.fun udp
US 104.21.74.182:80 ratefacilityframw.fun tcp
US 8.8.8.8:53 reviveincapablewew.pw udp
US 8.8.8.8:53 cakecoldsplurgrewe.pw udp
US 8.8.8.8:53 opposesicknessopw.pw udp
US 8.8.8.8:53 politefrightenpowoa.pw udp
US 8.8.8.8:53 65.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 182.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 181.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 137.87.21.104.in-addr.arpa udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
GB 104.103.202.103:443 api.steampowered.com tcp
DE 52.85.92.12:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
GB 104.77.160.220:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 92.123.241.137:80 www.microsoft.com tcp
US 92.123.241.137:80 www.microsoft.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rl3ak29.exe

MD5 15fab64aba4a33703f857e5a26fb2009
SHA1 858b23ddb95e1dfa6e54b21f50f494f0f8a3f83b
SHA256 7d5a7b0ddd70970274ab491ee61ef21ef325f1b088c1b06aaa9582dcdb917aa6
SHA512 4675ca29bf4025d75435d12a7aee46fd2003272c283ca2560d0b2ea7befdacc370cd087bf1a5f89e49fb47e8f042ef99203cb14054b96789e3d86931b7537e1d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1dW30Nu1.exe

MD5 096777b4aee8c82e6bd4352a9c40f312
SHA1 845779b992c0bba2bfc558f35c4b0a0810b134a5
SHA256 a6929df65370dfbffbce27842c3ce15ba9bb793a713565c34d8f172709aec6d2
SHA512 bf74501c94ba1544d2652e55700c19ccf379f9f54bf2b252518335989fe770fbd2473eff313e3904480cfd57b68176b17d5f181db5df1984d3bc3be5e9774e90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 001e6accd2295500f29c5aa029f13b83
SHA1 ab18a2236828927b4c0927fe97991f395f587b9b
SHA256 488b5425924289b246663eb3e7820375e20335c948e1116c5e06a46ab6306df9
SHA512 295630689f1e63fa6d9f32dcbf54df669d87570deb0cb12b7b2f804a02a54fc5c9a8b94da3addbe0398da019816084ffd6639a9430e868500a5361c9c2eaca95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9757335dca53b623d3211674e1e5c0e3
SHA1 d66177f71ab5ed83fefece6042269b5b7cd06e72
SHA256 02f0348e2af36f2955efda1613dc6480f1c68c8e55f19590b7b58e9355c6a940
SHA512 f13351398f5dd5b6cf638b174dc50ddc782b690c6d4736d48941923a3425b5dff4a9aa0da22773e9abc9559d40f020f268018db902e0a7772b7b1f4d21126f21

\??\pipe\LOCAL\crashpad_2796_FGCCVOVZLYHCPVTM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7cc721f8-e48f-460f-91f0-1f021e21080c.tmp

MD5 b5a95d74e42d3f05161016aa08153b1f
SHA1 d849ab1bbac061a2c4160b2a25c8ea9886584eba
SHA256 d2c1bc4723ce76bef96cb612d0e4d0545e9c7fa6df968e1a92eac3d9ebd71d92
SHA512 7d98a5fc93eeef4ff8916ee7564c9afc0482cfbe4c7b9532008ba2269a7b35d061ab10f98d91344ba07fc947040905a8d755faedd9c1d69ceeb78b13c86b059e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c2c1648ba440c9e459d01a6b4f4e3f2a
SHA1 5e80f87a3816be4159e64cf8713da91f4c9e1cda
SHA256 d99ad2a8a2b23bdb05294a6690011027ea59e7dca2800f00b5905a791649b246
SHA512 a83a0ea4eabf574037bb1d61ad2dc221e2f18107f7a56f0248557812e84d6a80f3164c3dd84e35d51a139a22e25a2db579b9dfe7ac17dbcbbe41474d8a88dbb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 117586c9612acde369a09059a2acb648
SHA1 bef10f5603efd3d02afb2d81e95def08c24908e3
SHA256 06463388e84bd1548153cde02e69be1caceea68faf5658ef92bc59750d074986
SHA512 6c3d1fa78e79d4d8295a61025524a6b9d7c61db085568d261098420925b15826ae23e64a96fa080a389258172a465d18a34e029c333d40c1118151c2a53f9712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3672500f70ec7844a573fba5962c500
SHA1 f7d48917ccbc62fe16c38f8b3e32574b7019bf63
SHA256 4315b77cd67aab774aae7faef198c5ee54e13dfda6958ef368dc93ddc35f236a
SHA512 69f8b9574fffed59c28f6b0b3a1d99b60fc4f0df770f78b52e0f6fba25e86e7738d3e5b530fee33d12e42a7f4fb96ec87a2625953a674501214933f696ebefc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b1ffcce5e30bffa828624e8be02045f0
SHA1 26430dc5910e5bad27c3a26eebb4ca63c4137ca7
SHA256 5314f85f3337e914d77b6650d501fe6af38619c89f531cb70ff5995e5b194695
SHA512 92899fe30b2dc03ef191524540b4c688800d26fbdecd1852e02b9e813b7cf366c0187ba20812be63b3719209274be09725ff5973a29e3ccc66808b885350bcf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 340f01db8416c0ba47aa9ec2d5d3df5c
SHA1 07ee6ca52171f21d295c1e8f2b51a6c2c1cb32b7
SHA256 11e982edaa8afc8391ef4136a8f186859080010d58efb7fd204347ff602fe335
SHA512 f6c753f012fdb9117bc2e087643d8273f8c6b9c45a62b02591973a344c64bfb3011e5cead8682e2b7120528eb894b8f357d4a43368d99516962fafe7c1aac8d0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2WG9117.exe

MD5 f73f6ab9affa5d7693b09cb5c4a2fd93
SHA1 242151f576bbc4d219ee42fc721fbf39cfcc674d
SHA256 a50612dbe8baa9049369ca9efaff226b55923ff7dd617826bb32887666345f59
SHA512 9e7b639d6729a76fdf40bde410b4e0080d7bec91ff58ae97c2912526fcb69c4e3fe18f66e7103dd8e420eec338c351d22fb4e38b053fe6bc492a5ec6eb7f3500

C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe

MD5 5047ef66d994557d5cf7c7959693184b
SHA1 75e8ceec5f4bdd1d5d70f4e6b382218c6beff212
SHA256 73db620d75c41c062a2783eeccd282ac37d428667b7617b8c19d4994f9bc85fe
SHA512 a2f14a7d1cb508ce7b9e719fb93a9ef91c0576b14b638d161c85dd8402d1e0bf034859d337031c2b185826780ba1b7292e42062c1b34f9d5f60803e3947e9be7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\posterBoxNIIqKsMEv0_qF\QdX9ITDLyCRBWeb Data

MD5 ce7f99b32cf0d8473697dfcf8fdcc1d7
SHA1 001451a4f514f593a55bcf2c50a3a22a926a7231
SHA256 8a57ebc2f09a2c28da6e9bfd41e48953d06c99dddc7103df08fefe90d446d350
SHA512 20be27aec29b8666654a8ff2ec43738e2727073611fa085a26c672f36c04e42b0688b1c146b23c3d188a2f9a5483b9a057064ae7a293064caba2dbd55bf81767

C:\Users\Admin\AppData\Local\Temp\posterBoxNIIqKsMEv0_qF\ZunTSaNJLBVfWeb Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25eaac00145ede7c5931764ab5728cc5
SHA1 ba9727108f18431033451ad71885c03a247de4da
SHA256 5329a59b888593d93715668b463a35344d88de1130e6acb189dc3cd8cfb49841
SHA512 0376d7a815e7fea42f817519dc65c76d1f9a312faccf3021bbdb2f3359bded8e2965b6c8ade28c8c3ad90a9b4235e768c7d1694c8b8047430522fa924114a911

C:\Users\Admin\AppData\Local\Temp\grandUIANIIqKsMEv0_qF\information.txt

MD5 545f2559e514ce1ef6d991553c1b462e
SHA1 28a128f2cb548f80180907a46cdd854b82946d9e
SHA256 e38c1c740252ce9e4b21c4deb4184eb58698e9325ff67d82bb04d8e71cc09dc4
SHA512 1d66f0e225bef7234c5474a42f30c5049e78ccab15051842fc0b07b4d2f122195bc508232354c32f65952ad7e6ca87372a960f5a8af1b5e2642abab2ce1132ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07a9febb39d4519602b8c993479fc820
SHA1 c2a9ab8f110be29781cd3eab83f4ca1ac20b58d2
SHA256 1dbe00a7bb0af2fe1f3de1820be7d4ce2ff75d673d9c4d4cb318ef4a01e7c70c
SHA512 992b45dad71275a62bfe7407379bbab172e9662df57639e7f977d737e253b7e453a6409e5fef368dc13d8d912a124ad357af61f871891965a8cdc8451550613f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 c0499655f74785ff5fb5b5abf5b2f488
SHA1 334f08bdb5d7564d1b11e543a2d431bd05b8bdd1
SHA256 6aa332a4d21802b2dbcd08e153764da60f538ceb0daaaaf7504ba8f67c08ef03
SHA512 5f0cec6dd823f2b3ac62017383dbbf71ed38893724312ec75e73fb197e0bcd5418bb70fdfe9150f5ca495d5f8547d8a08618bdacb5010514a3cb1101437d698e

memory/7396-570-0x0000000000BF0000-0x0000000000CF0000-memory.dmp

memory/7396-571-0x0000000002400000-0x000000000247C000-memory.dmp

memory/7396-574-0x0000000000400000-0x0000000000892000-memory.dmp

memory/7396-604-0x0000000000400000-0x0000000000892000-memory.dmp

memory/7396-605-0x0000000002400000-0x000000000247C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 b3ba9decc3bb52ed5cca8158e05928a9
SHA1 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0
SHA256 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4
SHA512 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae79c84d122ccf757b57a91ddcca3470
SHA1 4836cde65f03fdbc75ea38247603b22fd4f17439
SHA256 23edb1c048151717b4f72a7bffb3ed9a5385914c06e1a958408f2f41d3d92a43
SHA512 7fea9b2294e374485da119cb76e3b2cf5e4796ed3ab1cebec095dfdd64a5d217b08a516500356cad7588d499c2045b51ee755ca64e3388e7376b8510d0d1581c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4ff.TMP

MD5 df06661f789bd12b473748ce185e2211
SHA1 0ead09ab1b8aa886b926963dd507af8e718a5d7b
SHA256 785f9df244a438fdbd2a29f3d90387623a17bfa0a841a7b15c32d08ec7252bfc
SHA512 d16afc82ac997b0b4a091b8f04ecf76e0f3ed99af10261faffe2fc1736c2102b10392dff841de9c26d86f692e9b02cee483f53ac9b2cdf53650994a113fc880d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3aa63ced830336ea53c811febba86e68
SHA1 8b160cf7608b393c5b7357521cdbd682468ae1ba
SHA256 06c699c1e810a687d2620b2c40dba6cf9c18a71f1fb6b8267e90cbd779969004
SHA512 f62c4c6f3c3475b33a5942206bf3e5856150419f9e3465b18034cfca1ea30730f1110722862203bbdd8fc73852b55eed6dfc4a7952b1395241fd2358dd6706f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 e5cc4fcd8dc8d7d08bbab54644cfd474
SHA1 177ebcb802de6d9aace5c65053b4fd17c9e4d053
SHA256 0a56e1f792f2da960b500101357a68bd3c27b156a20c9a0dc5145296cb82c147
SHA512 9090b50a788f1af4f768406302c6b3b7b18946d7320bd5c4d89bace659b2403514a3f9c7c0488b833ded8a68039e9bf194ad81d2a1459707f082f57dedac4c05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aa859526db296583ff4b96f80255bbd4
SHA1 219918699aba6930a1b65ee54f2e987757b5c6ba
SHA256 70541dfe2fdeee95a44bf2e57c81eae853e83d67d76c13d2f325d17e977ad4e4
SHA512 ab8aecd0e153a608fd1296235ea413c618cc095387a38b88bc1adcd976b6394e96355b20d6e303858523a36768982fbc310b6340f516fe65fcd61e1d7188ad55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5f07e9152814721890615a02b2964dc0
SHA1 ecb92703dc68545531dfcfd9e7e5f28a6337847e
SHA256 6d422b3fd342ef9be37ca4393b32325cdc344b47c1b587af24562e8084d7cb6b
SHA512 1d5ce70e35e7c9fc625cabdb28c4f558a3a327f207c8cb05cd562d57f1b484da1beabec734f6b97beb23805443cd01653b24c0b7de991dd52695427392a05220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 45a4ce363b0175861d08ea827671be3b
SHA1 fa940359e2cc6dd2e2bceffd44305a30e4cebf3c
SHA256 d24145bb04eecff0357243f80c34b3342f57961239f89bb8dafa7553344ec03f
SHA512 80b1d35a2dd2c3783327648834ce974f8dd3cf9e6ac43181761a53744c15656aca719444d63df44ca11b421d04bf5fd1c5406863351543bb8d1447af266e0650

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2d4f369f7a713353da007dfab0de578
SHA1 ee38c840209732241eed592e221e83a29a6675b3
SHA256 9b97e7d0f8114a24476a5c33d1071706e60872719c34dd80e7ef34be42b887cc
SHA512 ab865626c8aae33dc99e61a66f9aea7f1f185af8ea528a38cb276630e21447eb8026f0338acf9ada8d5b7f51c8fce81a4c0c3cb4a19ce1d3207dc05d4a052371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1e422b46870c2c58143825693cce6c14
SHA1 1863ad5c4ee2bbd41de31e6f91f43467cdd7ab78
SHA256 fd2d2133bb44cd322c0fd7e63e43bc9580e78823f765aa293d214bd4fc273be3
SHA512 c59f9b69162c7a10ddac15cb76eb2e736d76fafcdc1a9c87e402c2ecbaf1ccce588f62c8ddb2ad335ad3ff01744c17fe37525007b4b0f62a311bbb6d29b08f00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58431f.TMP

MD5 cd7d0b3ddcf4c5e380cf53fb18d5c9a9
SHA1 b1ba44bdb069e7257b6a093f42163e1fc86de444
SHA256 edc6039ac588800fc807575e5c26fa5f1c408a8059967b6da7299ab566d29866
SHA512 c21b0cc6e9fab4b11d1722144d0cfdf09efc6c426fcb02c804c6af3137aec2890d18de9c9276d792429b7fbc25e82c4a69c626a03cf771811ca9d69dddecd9ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e6c164aca28990b599c8ba81cdad76ed
SHA1 7ce223c2605b78b3b6dbe2671baaca6e591eb86f
SHA256 0e219c1441c91affe7a8841ab8cf4b521048ee8f533172dbcc036448c8c54f77
SHA512 369f91a4dc0d60f3149a6b03cc52768c3ee8f3ded4110a7484aef8c74c311a0cb8ed191bd1e985c72d5bc5b6d7e09550e0f6403c3c6d69d95efd59ae29afb4fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 722a9ebb14edde0e2324e980e8f2158f
SHA1 4203ada6ad249417b0b57261464218ec6aa04328
SHA256 9b993f8a266f373842fcf6282c56124fab7d1985220deb80af14ef0158801cff
SHA512 3dc8abe453453254cd416f47aed16b5b9103e99ee37dd72fea3581101b75178df23de05510b1d31090c40543ea7990995008932da88623eaff2d080964156058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c46e4a1f2f004a2c75c5721cacb106f
SHA1 82d5e0b09a24923bd76da9305812daaa86273e09
SHA256 02bbc1158063a2af5351c2a0dd7ffca30def56585eedfcc7c63d29eff6dd80b5
SHA512 dbe8b4d65eae92646f161200f204315f2335814e51b7ec6b55768b9b138c21812c568e6cdd9a02acf989a99997e83bec9c7ae34c4b244cb38c8efc03f2bac5e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\891082cf-9481-4d66-a817-bdbe1c65cb8d\index-dir\the-real-index~RFe589a09.TMP

MD5 030e74e041984531961656175a3baa7a
SHA1 998cc9e79af347b5879ebd75644b201ed135b916
SHA256 cc23097752aa84904444550def24091ae56e0e8418b7b434f28d8fa730ca6b68
SHA512 09e062b1d216ce9a4b88d9ab087a9a324235ad68b648a4ed0c0f79214f5743bed763334a0888dcc7382564de350ecf0accb86c9b0bd6a3f1baf9e433f1fb2a91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\891082cf-9481-4d66-a817-bdbe1c65cb8d\index-dir\the-real-index

MD5 fadc85c79b4817290463f2f51a83f608
SHA1 129ce99d813632256c1ebbd7357ca4231597d0d0
SHA256 c2dbeac761d60a8b7d8ab6be4ab5d936a12b90b2c326ca68ed31141dd33be87b
SHA512 4adba25d0a7c270feae20e4910ee32c40c9fc63725ae7928cf7d75007e5359176ae7b47093a676851d75b7aec7328b8808c9c644df37502f66ff1aa065d9054e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 d6b13934797532bc1a4423e60dc78d54
SHA1 dc242c42caa7cc1ed321e96cb1bd13c038e8a8a4
SHA256 28ea24f300c5c19a930fff4d1597afdec0df06a5dd1acd68aef2f4fd44c783bc
SHA512 cd1ef75e5d8325071af67606647113329cdc089b34f226e104d9d92bf22284223008fb87bd0141dc9936dc090112ced9ed41e27c6375680caf330f2e63760346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf9b39fbc8caf0ef6e46de8deadfc3da
SHA1 4540ef1e533c4e1842e58e53d258b9ffc0bc9f0d
SHA256 a5fee85b0abb2e5dc3d3dac34cb5dbdf95bbb9a793c1e34ba6758b5659e26b29
SHA512 5dacd005d3e6be9131084146915a7c88aad5a3b1cabff9e60c1cf70828d923e3ebb4e7a1e118ea3c3a8ca93be9b7bf6bac50f8c42f5069a6fc528b30237fde1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 49f26660501c37085a00a873b20f36b5
SHA1 1a84aadbb28eec5f0b6f233b6fc98fd55b006fc7
SHA256 c2941989700a21a9baf855ba2d77b80e61a8ec54e024ca8bd33201e7de5059d3
SHA512 1aaca967440f987ceefc32b5e5151ab9e487f8b76de66a623ef501a3bdabee5d13f1633c234b6b3c17976fb6ff9ecc2a78abe581b11a7fed8055ee1167d8aac4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c3c32e49c5e173c1adbb3af6185e837e
SHA1 40230361d811380da764cd7b7df879457e99df17
SHA256 198cef95765a8022bb24b3f25b1cd91b248d16dfdce63a330c8809bd8f561ead
SHA512 860110e10d7b6ff279754282f4850ff1f616d0f8857a12f4ded6b9a7494a88b7f52cdcbf5b3c879b13637fb96ba27af7a4d05ac72f7c8b46363b5a812823525e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 675f56a9f7ab434bd27c86bb1401a9a6
SHA1 200d8fa751b85fc222d3712493a42cdcb63ce489
SHA256 ca48e95a73465f2eb26248286bcefd9b8321fcf6ff80dee3dcf1b1243f7de86a
SHA512 7f2dec6269691ddf3ce7a394659346014a72f930fc9b5fedca200f50987868af30f0cd8f145a1047649179b9f3ceb3fbffc14d3674f6ae208b9c9e33919b6049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 459ebc31a3032d0df3dc0c9e29617d2a
SHA1 661f9c98ca638fb687bdd0cb3e372c4cd7421c5b
SHA256 0cd43cec2463dff345c1710069579282c031428ec2936a05469e5979691661cf
SHA512 425f3c9b66f7d5508379ca8470c76f4363523094ebe53040fa029883a658a14046d72763e9e93e160f54f94c6502d1e85c9c7932cbc97e16b70cdf5b1856066c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 71155acf69ee357c12196d2608e8a298
SHA1 81dc244e5a321f4266a2f32f1fa5d8c86e29892a
SHA256 4f25f5fcdf21c6fa86fa0153e1a54e1b8108cd8eb4388e4d6e835d44e6944f3e
SHA512 410405d45c367a18a9fcafd78e9caae1fb3dc68887bf6dddfe036b10b8f3bec79b0c45a627e050e880c31ec7d0a1aa6e8615842a5b04897d6306287e5c6efebe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9a60380ec9ab49e0bea4ff1a39376386
SHA1 ba69ee98f1a6139729b2af972d47818fa124d7e2
SHA256 7896bd53342e7eab9638ba92b654ce82dee33cb3078b58c2d1170eca248742d3
SHA512 6b8ba8bd71dfe68932692e2223fafe5ae0e769f7c58dc826049a8e3c610afd906eb98a3a9295b10e456cfbe5bb9edc3806f5bc698e259ae47b6199a9293d8b88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ca2235f28b6569804c562d7158756e3
SHA1 fe3e8e1e21805b196c2a666c7c27554516c2be9f
SHA256 ee64a3ef116ea453337ed28a09f5315499c9fdcaae4bd808e127104f55943239
SHA512 2211f758b73c5587cf9bdd6e5263ff68fda98797d6fabf1a6deff5d45ffd0343930495f83ca3026d984db47b3ea4fda538f5d21c242f7ded02de7496564fc264