Analysis Overview
SHA256
a122065aa7e37aa843dfbbae31affcd7fe3c73b96749fe0e48aa113827595b31
Threat Level: Known bad
The file a122065aa7e37aa843dfbbae31affcd7fe3c73b96749fe0e48aa113827595b31 was found to be: Known bad.
Malicious Activity Summary
Detect Lumma Stealer payload V4
PrivateLoader
Lumma Stealer
RisePro
Drops startup file
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Executes dropped EXE
Adds Run key to start application
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks installed software on the system
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
outlook_office_path
outlook_win_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 12:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 12:41
Reported
2023-12-14 12:44
Platform
win10v2004-20231127-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RisePro
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DO5IU64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xo16Ka5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wm7lA87.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\a122065aa7e37aa843dfbbae31affcd7fe3c73b96749fe0e48aa113827595b31.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DO5IU64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wm7lA87.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a122065aa7e37aa843dfbbae31affcd7fe3c73b96749fe0e48aa113827595b31.exe
"C:\Users\Admin\AppData\Local\Temp\a122065aa7e37aa843dfbbae31affcd7fe3c73b96749fe0e48aa113827595b31.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DO5IU64.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DO5IU64.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xo16Ka5.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xo16Ka5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1945821843588580055,9001730251331025495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1945821843588580055,9001730251331025495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4223705955267705028,7158606800340088484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4223705955267705028,7158606800340088484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,10156948521235917359,9651168780143402526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15639887390671213926,17229699080489883231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15639887390671213926,17229699080489883231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa36c746f8,0x7ffa36c74708,0x7ffa36c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6284 -ip 6284
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 1180
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wm7lA87.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wm7lA87.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4656 -ip 4656
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 1032
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4485002741240474178,7958567344227168912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 52.71.240.89:443 | www.epicgames.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.240.71.52.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypal.com | tcp |
| US | 192.229.221.25:443 | www.paypal.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 172.64.150.242:443 | api.x.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.5:443 | t.co | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| IE | 163.70.147.35:443 | facebook.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 151.101.1.21:443 | c.paypal.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 3.221.38.39:443 | tracking.epicgames.com | tcp |
| DE | 18.66.248.67:443 | static-assets-prod.unrealengine.com | tcp |
| DE | 18.66.248.67:443 | static-assets-prod.unrealengine.com | tcp |
| US | 172.67.174.181:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.38.221.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 104.21.18.224:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 188.114.97.2:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | 224.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.213.14:443 | play.google.com | tcp |
| GB | 216.58.213.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| DE | 18.66.248.67:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.213.14:443 | play.google.com | udp |
| GB | 216.58.213.14:443 | play.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DO5IU64.exe
| MD5 | 18020bfb32ef1105ef96440376df53e7 |
| SHA1 | e55d1bc45ef9eacdafe3738e39e1e32c82d23093 |
| SHA256 | e3b4e788b8c2ab6757afc6d96564572e3d864c4318a2ad9a4c9292e80496fc3a |
| SHA512 | 381a23cb3319eebee157b6a0b8c29786f3d7e09f36a0727bd32e53b4ef4703fe4d7e3b7ed8dbc5f62c2f9f6b03e3cb48e7779fa13698c4e6000bd2a914554012 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1xo16Ka5.exe
| MD5 | 96a9a53bff607d83e8e0d648f1898596 |
| SHA1 | c84148ae9a0fcbdea1b3cf157f7227a25540a0df |
| SHA256 | e8b9e0bd96c1e2ba952960d74314ad61f07c9727254756ee03a3eb3163f00117 |
| SHA512 | 5a9a946eed767f1c1813e544fc190cd23b76f1c1a4976504a74a0b262dc04dbec63fac460b133f918f02ec7c9c7392484726ae112e8e6e0556bd8e9aceea7596 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | edf2b2514bd574ccef3a3da9d0be4d9d |
| SHA1 | 78c247610ff063087c9571c1446778eb32993893 |
| SHA256 | 13d82ea9734f67a5fff85da945a9e7b49380d2f3917b11e170cea864cef2d5e2 |
| SHA512 | 5090983fdbe645c7db074e142d01bedd03d1b30ca13ae8dc7a2417f871da5173d1d2ae0f4c084ce423e1c57deed1d27fad77a06fd904d8f2ff7fef797afd2210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7c89e9212e22e92acc3d335fe9a44fe6 |
| SHA1 | c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f |
| SHA256 | 18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44 |
| SHA512 | c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab |
\??\pipe\LOCAL\crashpad_4812_OUYGENSKNVYYJPVF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5b601a2b812beffeaa9422871d77cc2f |
| SHA1 | 54886f1d76a1036bd34403b93d01772f7cb3e03d |
| SHA256 | d69b76d93e5407e2d90e6884105426c3c50ae1a57514b86be9cf5d877de02f48 |
| SHA512 | 11294aa6cca4acc6a6d928deb7f64a4cdcd5806c47a30cbad1c92639eac8cdb4d599d4568654b319f86b13919be7142a416544fa0e5699a3d3576a2b103cd417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d653e0c0ffb65c84b56d139f26887af |
| SHA1 | 59cfa8f69a3cc0b8911df86435658fc8b1ef4b4c |
| SHA256 | 721e16a04e5baba9989e65b64b10a9de48666b225f64e5378db29d254bfa0f22 |
| SHA512 | fa5489763a9ce4eb023d968bb002737fac13f5c4d82b4f21d8139a794a6cbbbadf073bd1510f5db255d6317b59d250f8e61136067ef8eb77817e4833bd84dc19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a5c67abab5ebcfc3084801b8a8e8ad7f |
| SHA1 | aba1cde6386b44bf1c12552ee8dc16a08f0e9b67 |
| SHA256 | 6d6a39a52af31780e683d62e353a8a388d84b26059c3d4a1f552aef37cd1b55f |
| SHA512 | 61ab2743c61ae9119c93b03a2dac7254552dd5ac116271eeb6f523d2b4a00c4ba050a5bdd4efdfadbb8142a43e1c22463ca9d7b1449729470d8dfc234ef6e321 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | da5db80bdb7f549c1e38917eb25a5cb7 |
| SHA1 | afbf3960cf476792169fdbb89afb7df5d11deb57 |
| SHA256 | 911dd9f335d9816521add4a09cb0b5f8e4e74f22f0c13ca94e4b3103e9d08f6b |
| SHA512 | bb950f5cdd8a6a92a9f11426e75ea9f4b2b1b3fee3ff96ad7b18b246d584201647d7e2c2a3b17ad10b63f1576cd97d02205ac9ad31d07d00b7b12a2717d437b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b18113bae41620431f81fdf679569144 |
| SHA1 | 468acc494f5d2b0605dc83c22b3c99e8d392cb85 |
| SHA256 | 2e63a6aaa4c5e892bf06254c3be3c90f6f933940267a334440795eaeea1773b0 |
| SHA512 | f27425b1d175fa278380de95aae42925b2a07caa17a0ccff224b6493c15bae0791e756c671012998c7c8293b696d3e68c2d7515940cc4fda93bafb06bb840e92 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2iR4834.exe
| MD5 | ef5c1ec128ac1822358d9281dcf3b710 |
| SHA1 | e0c8a7594d258b02e691f0bf85a289490ee4c110 |
| SHA256 | 183181709acea935fa0e22bcae4c80d05d090283ada960a0a386aa930c588ed9 |
| SHA512 | 82b5bb583c02c55aa425a939307bc17bd89644d2f6271a3cd7fe640423bee61f1e1ece424e12633b8e82ea78012da838aefbee5321b0d4013f2ff2707ebcc05e |
C:\Users\Admin\AppData\Local\Temp\posterBoxP3Se2FWnqnbrI\ZunTSaNJLBVfWeb Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\posterBoxP3Se2FWnqnbrI\QdX9ITDLyCRBWeb Data
| MD5 | 44de9f4a837691e623c12425421c22d1 |
| SHA1 | 5229b2b16468353e9ae72ae2d97840448b055e55 |
| SHA256 | 683050f55ee81e6cdd868cad8df884f327f903bca54f06f19e24d196d514fcae |
| SHA512 | 5f15e672310ef2f67e7517e4b23d3d1500fe18c4e53785ed8191d0b74139ccb2142e5b7495ec966e207fd46ead84bbd929d2d169b71d9477fbac4b383b0b55c5 |
C:\Users\Admin\AppData\Local\Temp\grandUIAP3Se2FWnqnbrI\information.txt
| MD5 | 9cf1a5b308ba159c968fbec7a0612ce5 |
| SHA1 | bfb02065c775a8b3982d7fb322c411d0c5461453 |
| SHA256 | ef6d0c2f65487145a52f3592c35c81286d28a00bafbf530021a6aa20d5051bc6 |
| SHA512 | f6bb45c484b1f871497a038423be1c727f93f58d6d374e7451df2af0457b21fe4a1172ba7511cc1b6af8125e56526563161523950bca9a5ca083decd03bfc72a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5e1eb8ceee44f19dc2aa684e8c10677a |
| SHA1 | 845e0d3e7460941646484cde4be93b056fffbd2d |
| SHA256 | fa0b11cdfc83c33c585d6655de35f3d2111fbbb4b976e4523e06300d6b181a8b |
| SHA512 | 870ec9a6dc55a634b8c38fb607b607e8e982f130c5697b32870f195810a59243273f55bcaeb298bc458a7ba0b1bcfa43ae9ec19f5804334889dc5b5b093beb99 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wm7lA87.exe
| MD5 | 700a9938d0fcff91df12cbefe7435c88 |
| SHA1 | f1f661f00b19007a5355a982677761e5cf14a2c4 |
| SHA256 | 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818 |
| SHA512 | 7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e28dc45c43ee6e58bf619bb6b77cc52 |
| SHA1 | 0054a91c6990025334f50280be6e47ab9f60c3fb |
| SHA256 | ebae59df0a45236bcda4a6d5a76b03edb54ee857c68c0412edf8916bd7a4bda6 |
| SHA512 | 9986b46e5de4720c647adafef70918ebabcd3247a624cb56bf6d2e035835bdc7a88cac8a742699d6dc6161417a950a103b17c7fde263ac331c6ca4bf5b5ab121 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | d7b2b29ef1d9a33e61e1167984c8ca3e |
| SHA1 | 9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34 |
| SHA256 | 7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2 |
| SHA512 | 3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec |
memory/4656-505-0x0000000000C50000-0x0000000000D50000-memory.dmp
memory/4656-506-0x0000000000400000-0x0000000000892000-memory.dmp
memory/4656-509-0x00000000026A0000-0x000000000271C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | a8fc4cc08013b8d471ef0e8c6a00fd2d |
| SHA1 | f6d551a5f1535a0f38f60d0e829b7fbc55ec7645 |
| SHA256 | bbe0ebfeffd46e680308c9578085e3cfc46144c97da0a4acd1392809884f081f |
| SHA512 | 8e2ea50636169bf0b3ad247c678b3c68aabe3b116f0c3b0cfedce10261efe98e4eb9f7d6f68652f359f19a349d449dd22fa52562d5c420dffce055686107d927 |
memory/4656-532-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07afb6901921d64c33e1c18dd31766d8 |
| SHA1 | 2a1461b1f05949cf31b8bf8b269bf0d7c4ec11e6 |
| SHA256 | 92d67c3d85861707973d54f7e4e79adc31189f97082c4179ff69395a4d7ec3c8 |
| SHA512 | b8929211cd26480c13b1eccd40a6bf0fe8976552dfb6484549ed161a94ab60de893d612611ded390d64367c8a75bbe354b385d485c889ad1d8880ff51eab8fa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806a2.TMP
| MD5 | 20a62d11a9794492a7c1ef1347d36cf2 |
| SHA1 | 7cbac994ba8a922027509785c0081326818c7ebd |
| SHA256 | 736e6ca32a63555d43742271555946d30b60111d89c4e2e0fc7a0fa686616eae |
| SHA512 | 4575224011d5be70c71bdae8d6232987172b917f6a03d1a82a6e479ecd72acb922faef594b2db4060d3f8ccecbffe5d346e0c4bdb5014f860d2d271055fac0c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6e7464f3dbe9d5d392f7c2e7d362b52 |
| SHA1 | a77712c151ecd8a7097958b05fdb531c36ead588 |
| SHA256 | 0b63d7585d16fc52b7fe718afe12cad2358cc4b43ad060e9001617236cc0065a |
| SHA512 | d58445da238da136f835d35f5121af2f5122f280fd7c0fc82faaa9777dcb455c5799224968ed3e62b3983b85470dd1296c106c4b4f089522bbd5aa8ff6cdbf0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6194f09fe59f1d96124dea3f511146ec |
| SHA1 | 40b1360046531dc18f2b1c6243270e2364dbf01c |
| SHA256 | fe80b8fb4d0bffbad0f4675c07469d4741d8e787489751085fd971f3bf67c088 |
| SHA512 | 44936510c6a36736ece7b6b069a972276efdbd8909f18be9859b12fc6fff61ae61317a7c2010bcd148018ec50d56024efab4b2ce09ecab2a609f8f0cf7a59564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | de3c4008daf9abfdab6677c24c5b42a4 |
| SHA1 | 03e77561e750d22ec09f5fa507a788cc6f8a43dd |
| SHA256 | 58ccbf31b7e8d6be352654bc556676adf5cc4d17277133e2f618383b5bb05e9f |
| SHA512 | 039087d22d10c36644298927bd882517730344538365f2791ca932adfb95c1315108a0298d7684d1dffad936a0414b20203704ebdbd4265f69421b772ea34f79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 563e1b9f2712ee5e1b66685dc37bc7c9 |
| SHA1 | e0964d9d0f55ff4e23ba8f3177c5d991aa71bf3f |
| SHA256 | 09ecff1db9eca5d0b50027d4d165c32bbfbeaef3a314aeaf17caf42691757062 |
| SHA512 | 1a91ab201072e079b60bf2b20215f412e809c18ce5d1f16949be115e46f4303971158fa5adc5cb6ac4e0a10475be1d63cc97a4331d8f00474b4ebc15f8764115 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ab12757c32d2ea4917f3e55601c0247d |
| SHA1 | 0a8714d90c1c0ea1343c46d68bbec95ddd6bf2c0 |
| SHA256 | 9eb5e768d7537a24890c2d3c75c9e65e0f499c3ed90aff8022f62087b76a2d04 |
| SHA512 | 0649924eba9e01bbf4b9bc0f6f653713148e17ea9ba520b4d72b36a8fae3cc8883b27d0abc556029d8b68f0ef5351c1814b7262db1318f11a156a57ef219ee2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fbf092d5c52791acb8eedc4cb53ba7c0 |
| SHA1 | 6207b427554ce1bd40a45c5cb32f5a669bb211f9 |
| SHA256 | 9491b79ce62764368d3999b80bb7d24206822f8c06fd018ff573f184ea62d004 |
| SHA512 | b92a2f13b0132f1433c904b522378c32872bf8ee699c30337ecfc11f97f5b30fe22d810ef0693f3ab69655ca6b5dc14f8478382767f91d54b09789f2773fc517 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb8b76614644a27679f61eac58bc1783 |
| SHA1 | 893eb9d9269af600db21133eaa34086a0b34eeba |
| SHA256 | 1fc9c8c8e843096c8b0a5b6c2619352127c25b1381d4ec6795836b6c3fc040ce |
| SHA512 | 51962b7590211f79f8533c128313031c154e0ac21873be1136f80e9b54d824dedc4fef9c5425222f238b27c400de916a963952c51ad1be8bae4c19219c895350 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7be8c2ddd1f5e4ba8b73ebbf9b9c76c8 |
| SHA1 | ec047f94e1c0b0270647e63a15581bd05d8a88c4 |
| SHA256 | 6d0762554abc46ad9f5efddae4c5f36eba72dfbeffc2aad9ad5710af55db3916 |
| SHA512 | a447258a947681846b4c231f48dd85bc1e2a479eac0a2d760a1696dca80f10c15a9bd6b5800a054553b97a1c7aaba5d850073d2510e4a921df8cd3b36d01f281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c422b4b4164c25eb3de5fb591ab108e7 |
| SHA1 | 8c163d6cc80d13b8178bfa0db4f1c5e77ed76cc4 |
| SHA256 | cb9d4ad3da6381eeb182f4e35a2516a3e9e34a931f34e1e904c4dd6cbd556c09 |
| SHA512 | bdac03ffbf1e4d4e1defd319c61c287373a01f2bbc8970f5732613d34201ed1aef2616d7292c64fc38e5f1e92700bbc754ebe3a4201eac0fa2e5f6d6c95b7af7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587a0d.TMP
| MD5 | b08b5a952c741285dcfc3e099b51e919 |
| SHA1 | 77fdef3fbe0fd0cbc5705fa51798f6c8e353b49e |
| SHA256 | 1fc233d39cb5014768be2a9d41848c05bfc6bfc551286d0a5a11eb8280890c30 |
| SHA512 | 01f63c6c7a578eb3dca7c938988a739e33b259423a2c54472c1837a25a163b56d7c1a75d47f91bada1d2e08d8eedc329c9b2d2198de709efa6975e0a106238d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 618ace90ee7ba690d6d8dfa1655606c6 |
| SHA1 | 9500362ad68377d37c05c3f5c1550540a9447154 |
| SHA256 | e75c10e156e59502484b859e5d6aeb9936b61fd7c0070f4fd132ab6173e96a9e |
| SHA512 | 9ddccfa60f5de32346741143e56a6bd3c235310c54db3775089b3224b3b3a42788f8014a56c6897629794df268443ed475d653bd4ac945d9025bacf8c810872f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 85e87a7dfa6e484723dcf4ba9180c346 |
| SHA1 | 29346405db5bde6556096ca99126a2776d2c8e0b |
| SHA256 | 82683d2a1c598ba6a1bc56762c5d730e535d89b2ab929e04a54fffcb16ac0719 |
| SHA512 | 3e41086f1d7c7f1766f57734d8ca46f3f928a7987e9a383401b6c573529fd1ca70ecb89cb8e9f2a5cfe10db4fd2cfbf013b10ba455b2556e0c838be43080ab14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\e8aea797-61b7-4b4e-af7b-91f68c6574bb\index-dir\the-real-index~RFe58a062.TMP
| MD5 | 053bbd7a38832e683d9a6a35825eda62 |
| SHA1 | 90080a9d389782c523cdc77394a7396b2fbc1a4d |
| SHA256 | a143f51c0551b6d3ba6321c9491f889a6e9a2ce125a913cdc470bf6217d74366 |
| SHA512 | 7a3eb7c58e40b10dcd28571be4881d545a1e2060ce87789c70b8c386af51a84daf86a0617da39a29147cda3915a56c60e4af203bfebe8c4b14ebe0aeaa9dc5a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\e8aea797-61b7-4b4e-af7b-91f68c6574bb\index-dir\the-real-index
| MD5 | 56ea0aad7a386b50fd0e57f2fa4eb2f8 |
| SHA1 | c8239ddcfbaae7984b905b293605ae3323bbf5e7 |
| SHA256 | a0dabfecad9a6534b2831656408138ec9ee9f9944f13720097f36c10342d006b |
| SHA512 | 3da03aaef5b12630280a4425223e6008304bf10a47705bd2407c29cf3e6b2fa503b3ff0b65dbc6d6f63255e0bbdedbb8a65408d739f204b815a5bd226f6b263f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 446b9ecedb08f8eadd721eb3dd541171 |
| SHA1 | 878f11c97c66b883191e8c61c99ce88b6c7a6f4a |
| SHA256 | 65854a857eb7b446580a4ca88789da9aa4ce536b9ee497d67f34e7fcdb4e9d5b |
| SHA512 | 82e67cf53e14d829aff207fcb4f0e0f027d9703628faef0e5efb3cbe5235520109935144a912968e068e3d49c22a1d0ae0ed3f42f09069714a5ac145ec2c3c72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b3c9e6b25a72a5b1e8692ab9185b319a |
| SHA1 | 2ce96c63b5d19581ad3f24765322c1062509ae02 |
| SHA256 | 2cb327b6b6ae393ccbed96e43ddf17249fd89edd844fea116dd5dfd412715684 |
| SHA512 | 1dc82a3793d8a7ab5ee40b2c46b61ab7b999ca00107f561581cdf00096a266308fbbb0f81109ec07c01f386b77a429b7058956ed4808f9bed742bb7579b83737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a571a7175f70722dac3f72990891337e |
| SHA1 | c39b3c69b5316e9c20cda6409d70dff95f206c6c |
| SHA256 | 973191d2a0408eb1019203bd7f37afb3a5e574564187bda0905fe61789056a7f |
| SHA512 | b35862db3deb3b455004603fbee6b672262161a3c408b7c36d820e578536eabe8c1ef553b0ae6a23fea04b6de413741ecf2207368fe0aaf26c5d869772258abd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26a6ba58140bce6f24136bc98bbc6723 |
| SHA1 | dfa16b1df1b6157717a7597eef0d3c84cd437ce6 |
| SHA256 | 2b277b2e4d8cf3ecc02f3c72e6120e3faca3fa2de8ff84af6e6653f271d66acd |
| SHA512 | e8ae0e8908e757b67d2957d5dd86d468df564d08dcff05a1971e89726f6d5700a79aa635eb3f2d6860f6956eb278b72788de2cd7fd9ab5a09123f541d4a3338d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 92505b9075bdd51668acdc5186ab536e |
| SHA1 | 1701807191790f087e4bb3641efaf821b2fd3985 |
| SHA256 | 4e737a3118fe297265e96a2c9b5a283269899d90caa392fac4441fcf78ea1636 |
| SHA512 | b3c31719007e7daafa5a5d9f593fb549a042ee820faf4c6607e0c0ea61f5dad810a66280120e623c9b2e3d4a7695763f90982d3ffd5d33ee84ce473420782def |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7472442d7ea8e947f624dbcb28b26054 |
| SHA1 | 6ea01093abea268ba6b3fe9379ff52f7cfb3f719 |
| SHA256 | 8b9da02b3985ca608d6443dd2efc51530d2bc28e93ebc0b5201ad218d4aed18d |
| SHA512 | 2eed98cb64699f4d4dae4b175d0c59fef8b01211a4a3d211d2c682928c4b1a6488f429cdaf8b5edce0cd106ecabaf59c361c725b1457315266d814e06a8f6fd9 |