Analysis Overview
Threat Level: Known bad
The file https://hellhacks.framer.ai/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Suspicious use of SetThreadContext
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-22 10:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-22 10:36
Reported: 2024-02-22 10:38
Platform: win10v2004-20240221-en
Max time kernel: 150s
Max time network: 155s
Command Line
Signatures
Lumma Stealer
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3300 set thread context of 656 | N/A | C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
| PID 2660 set thread context of 6108 | N/A | C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
| PID 6080 set thread context of 1424 | N/A | C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
| PID 5684 set thread context of 5824 | N/A | C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 104.21.89.105:443 | legatorypluralishrtw.shop | tcp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 188.114.96.2:443 | turkeyunlikelyofw.shop | tcp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 104.21.89.105:443 | legatorypluralishrtw.shop | tcp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 188.114.96.2:443 | turkeyunlikelyofw.shop | tcp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 170.253.116.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_960_NJJGIGXMHVJMAZFH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c014.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\Downloads\Password - dbdhack321.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State