Malware Analysis Report

2024-11-30 04:52

Sample ID 240222-mncnsafg81
Target https://hellhacks.framer.ai/
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://hellhacks.framer.ai/ was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Suspicious use of SetThreadContext

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 10:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 10:36

Reported

2024-02-22 10:38

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hellhacks.framer.ai/

Signatures

Lumma Stealer

stealer lumma

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 960 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 960 wrote to memory of 3020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hellhacks.framer.ai/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb833a46f8,0x7ffb833a4708,0x7ffb833a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe

"C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe

"C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DeadByDaylight Hack\README.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd49d094ch5ee2h45feha9afh8604947aaa2b

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb833a46f8,0x7ffb833a4708,0x7ffb833a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6022931689440036547,17110756404376100192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6022931689440036547,17110756404376100192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe

"C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe"

C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe

"C:\Users\Admin\Desktop\DeadByDaylight Hack\CheatInjector.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5735126174410322267,6379297670768256578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 hellhacks.framer.ai udp
IE 54.77.133.184:443 hellhacks.framer.ai tcp
US 8.8.8.8:53 framerusercontent.com udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 184.133.77.54.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 94.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
CZ 65.9.95.9:443 framerusercontent.com tcp
US 8.8.8.8:53 events.framer.com udp
CZ 65.9.95.73:443 events.framer.com tcp
US 8.8.8.8:53 app.framerstatic.com udp
CZ 65.9.95.80:443 app.framerstatic.com tcp
CZ 65.9.95.80:443 app.framerstatic.com tcp
CZ 65.9.95.80:443 app.framerstatic.com tcp
CZ 65.9.95.80:443 app.framerstatic.com tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 9.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 73.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 80.95.9.65.in-addr.arpa udp
CZ 65.9.95.73:443 events.framer.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.251.36.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 translate.google.com udp
NL 142.250.179.206:443 translate.google.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
CZ 65.9.94.124:443 cdn.amplitude.com tcp
CZ 65.9.94.124:443 cdn.amplitude.com tcp
US 8.8.8.8:53 40.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 124.94.9.65.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.89.12.0:443 api.amplitude.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 216.58.212.234:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
NL 142.250.27.154:443 stats.g.doubleclick.net tcp
NL 172.217.23.195:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 216.58.212.234:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 0.12.89.52.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 154.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
NL 172.217.23.195:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.36.10:443 ajax.googleapis.com udp
NL 142.250.179.138:443 translate.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
NL 142.250.179.206:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 104.19.214.37:443 cdn.otnolatrnup.com tcp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.56.16.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 166.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 37.214.19.104.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 download2346.mediafire.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 199.91.155.87:443 download2346.mediafire.com tcp
US 199.91.155.87:443 download2346.mediafire.com tcp
NL 142.250.179.130:443 securepubads.g.doubleclick.net tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.media.net udp
NL 142.250.179.130:443 securepubads.g.doubleclick.net udp
DE 18.194.22.91:443 btlr.sharethrough.com tcp
DE 18.194.22.91:443 btlr.sharethrough.com tcp
DE 18.194.22.91:443 btlr.sharethrough.com tcp
DE 18.194.22.91:443 btlr.sharethrough.com tcp
DE 18.194.22.91:443 btlr.sharethrough.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 52.57.124.117:443 tlx.3lift.com tcp
GB 216.58.212.234:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 87.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 91.22.194.18.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 117.124.57.52.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
CZ 65.9.95.74:443 tags.crwdcntrl.net tcp
IE 52.212.53.200:443 ad.crwdcntrl.net tcp
IE 99.81.54.149:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 200.53.212.52.in-addr.arpa udp
US 8.8.8.8:53 74.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 149.54.81.99.in-addr.arpa udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 e0ebc65069b7612fc4f095d9a195eb4c.safeframe.googlesyndication.com udp
NL 216.58.208.97:443 e0ebc65069b7612fc4f095d9a195eb4c.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
GB 2.17.4.21:443 contextual.media.net tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
CZ 65.9.95.147:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 8.8.8.8:53 97.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 172.217.168.225:443 cdn.ampproject.org tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 warp.media.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 23.44.232.24:443 warp.media.net tcp
NL 172.217.168.225:443 cdn.ampproject.org udp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
GB 23.44.232.24:443 warp.media.net tcp
GB 23.44.232.24:443 warp.media.net tcp
NL 142.250.179.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 21.4.17.2.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 147.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 24.232.44.23.in-addr.arpa udp
US 8.8.8.8:53 129.179.250.142.in-addr.arpa udp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 hblg.media.net udp
NL 142.250.179.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 mnadshield-a.akamaihd.net udp
GB 88.221.134.27:443 mnadshield-a.akamaihd.net tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 27.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 c.pm-serv.co udp
GB 95.101.143.242:443 c.pm-serv.co tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.65:443 ag.gbc.criteo.com tcp
FR 185.235.86.47:443 gem.gbc.criteo.com tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 242.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 65.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 47.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 l.pm-serv.co udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 premiumsearches.net udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
NL 142.250.179.138:443 translate.googleapis.com udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 legatorypluralishrtw.shop udp
US 104.21.89.105:443 legatorypluralishrtw.shop tcp
US 8.8.8.8:53 technologyenterdo.shop udp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 8.8.8.8:53 105.89.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 188.114.96.2:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 126.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 104.21.89.105:443 legatorypluralishrtw.shop tcp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 188.114.96.2:443 turkeyunlikelyofw.shop tcp
US 172.67.147.18:443 associationokeo.shop tcp
US 104.21.89.105:443 legatorypluralishrtw.shop tcp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 188.114.96.2:443 turkeyunlikelyofw.shop tcp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4254f7a8438af12de575e00b22651d6c
SHA1 a3c7bde09221129451a7bb42c1707f64b178e573
SHA256 7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b
SHA512 e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

\??\pipe\LOCAL\crashpad_960_NJJGIGXMHVJMAZFH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1f6d41bf10dc1ec1ca4e14d350bbc0b1
SHA1 7a62b23dc3c19e16930b5108d209c4ec937d7dfb
SHA256 35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770
SHA512 046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84b77118e1a3546c93039ce5816b2d78
SHA1 b5d2b51d82307357380c8ba33524737036431d10
SHA256 e7adc6d516b137bb875679c517aa831561ac20c972371de07352d6143b4a6333
SHA512 435cfd8701ea055cf5256c031b84c0bd50ba2997c3f01517f5802e8747d6d1f76ce8d0da3b8b9611b3bffcc0fe0be235516076df063e87092dbbe19f6205915f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7986060276a824cf3be9894f82873a72
SHA1 b026529cda00d3671c9223fafd9f1796fbce358b
SHA256 2561411287473ffd6f8a1943f925ceffb6cbabe0cb3087c214b16c1657c4ca89
SHA512 befed97daa8afeb2e6c55f296191978bc208e21e135b39cf2c5607cd42aa430fdfea92e65b91204412ec9878b9a4ac91ecf156dc2d0f99d34e5974835c1c1c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3cd2fba081662801cee200882503d1d
SHA1 ed4583337b727dbe5c8198df43252c7d4c619638
SHA256 373b891b666741f6ddda851eebdc257c906934472593530b787fba11f0f61c9f
SHA512 d8485404b3bba9f71a53cf78db40dcb3ed0af3dba357511ab6ebd83dba5fec760c6671824e5a411e339d764a47669d12fd4a6cf5de23b072c8124ad40f12a314

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c014.TMP

MD5 314d35f09840265dda150fd2cfebc616
SHA1 e60fc33365ab9bcd0d780e503836b9f2bc9ce32c
SHA256 2de7eb42b843f6a5a8501f691033f96aee402d58bab8ba7016b66a1da9f8be04
SHA512 1d584726168eccd233eea51f38b4a682d95a3de88a575c5d18bcef4bbe5d0667cbd38cdc3199fc99f677c7a413c948ed7d49e644339dd84542a00d2277415d6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 310c16a4b68a75822dc8760572a45135
SHA1 c46c32d67198e2be26782a8577bf868e030eba97
SHA256 220295ad9dfa922a7854cb81c40f6d459379805a1c9935c0fb2a03bd6edb0929
SHA512 75774833e464d3be7feb2cd35a81608797cd045d6d9e0ce440d5d5e99aa9af645fda33334575b517d85c19673f0892e951328903ba159b62bc14b4ad4eda2848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6e028c4c648c4b62b8a4fc78aec69698
SHA1 af3f20b3218ba0211d50cac25fe79add038bc24d
SHA256 dcdd88d84267e09c3090aacfb1cae6b506e07e839c69ec3dd0a3b856a57dbe27
SHA512 7f4c53493f0f038680f739e98916c7ab2cc3884c0d5948440de316298742ad99febf1b391482cdc714d497097d9b40901f6fc8e7dabac083ceccf713191b4463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 bd7413700347d61e76c331f09e872ad0
SHA1 edcf8c0e570d8f6dd4251bd68a2800d4dfce4235
SHA256 0ea7fbc16f020a826084718b4a536bc6b5d0a8315687b2833f64294d833f25a7
SHA512 90028946c4504663bddcd07afd11ac964b4d34cd63d090f4d1dc2d4ce34ef540efeb6a9f7412dd4a9e5691718fa0927e0f3c52a2d1a5a9e4512e19071a9532ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3922ceeff1864c7ac17bb888525b0c8
SHA1 cceb98df0a6e1ee1f97827ac0ed111715b02ca91
SHA256 f442739a563f4c431cdf4234d6edc5984c72ec7d08c47cb6ff520c79597b83e3
SHA512 f80cbb136f96a5560d431501b4090a35db9f983b65631bcf28902e4403186f3b0c5de25b834db99eee9bfcdf7fca8ae0691cf46ebcbc3dab15f8207e647a7ee0

C:\Users\Admin\Downloads\Password - dbdhack321.zip

MD5 0f3e533ec2d54927314cd111feed3fc4
SHA1 7c3735c6393df2ccff55b5dc5c6239c54068f926
SHA256 800b2a1de43bfa1095a3740d5f57087246a22e7eb9209a7dcafd13351da30779
SHA512 928055c3a4eff42fc9c22640122d0008271032528dc45512a7433ea703b3b72a3ae7a68c01b7822a6072f29f0cb128b670e192908667b920bc1589d127d11f44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 815f65b76648d078c66b20a2d36eb509
SHA1 9448ace2d6db95fe476a4fb0c18101b039289635
SHA256 1f76065b04209c97842b8bfa4bcf77786df20587b09de4b6e1dd4447e1329e4f
SHA512 cdde2a46dcc82a44ad8e75c3576211fc713b458b00822d4d4e22a3a5a6f4d872f63358ca0c8e9620c1aaf43e88643b3b8a08f39bbd4da7352a8c506169ba3d69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2cd0aeb997092aa5242c0e6c9dc87c7e
SHA1 1160f310ac32964bf5b350e64a30fa35c39f0c74
SHA256 f8a05178a61cf6f17ae1cbd5e2e5178d488b8b04f1dc15ddddb3082fe7272f95
SHA512 a6e450e9c8cf0cb43e8a785b02746f52385579ce2ddb848c372121417ae64e3a4393162577eb03fe4a59b43339bdb0c1a52d353ba242898297e35f23e758b32c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 48aad1fa64b36332212c513414964d90
SHA1 b1ae8c0e52f222e39a588b446cbd05a0b6e2ba38
SHA256 c998714fbe951dcde31c809da257e6556fa212e8bd69b6a9d695d0c1255d9f6a
SHA512 aed794d8aa20f7ce30e44d2a4febfe5375f4a5d0eda3004eeb90f691c0212a7106772e54b2d00f2867d81e968bb8ea66f607fa2b98d8cb5e32db1e2ce3d0d391

memory/656-421-0x0000000000F50000-0x0000000000F98000-memory.dmp

memory/3300-422-0x00007FF780A00000-0x00007FF780DA5000-memory.dmp

memory/656-424-0x0000000000F50000-0x0000000000F98000-memory.dmp

memory/656-426-0x0000000000F50000-0x0000000000F98000-memory.dmp

memory/6108-438-0x0000000000D70000-0x0000000000DB8000-memory.dmp

memory/2660-439-0x00007FF780A00000-0x00007FF780DA5000-memory.dmp

memory/6108-441-0x0000000000D70000-0x0000000000DB8000-memory.dmp

memory/6108-442-0x0000000000D70000-0x0000000000DB8000-memory.dmp

memory/6108-443-0x0000000000D70000-0x0000000000DB8000-memory.dmp

memory/6108-444-0x0000000000D70000-0x0000000000DB8000-memory.dmp

memory/6108-445-0x0000000001180000-0x00000000011B2000-memory.dmp

memory/6108-446-0x0000000001180000-0x00000000011B2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0f9ffe3de2ae0bf054ad2ece42444240
SHA1 177689b5942280d486f8df9fd7b1cd5e1ac62f2c
SHA256 c86f3dfeb86e9a287c832db50ffc4a9dc6b8bcf6dc779ab1170fc4f5c5ac2c38
SHA512 7839f15d9f8697d7830d1b33731d5652d2d7c7bb16a92338ab722a884ddcb3a25c8a08586203d6e118c512ea5527877c4a4c9861d9e427d7021aab8907196630

memory/6108-461-0x0000000000D70000-0x0000000000DB8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 05fcaf23077596c738b88e0ca049ecf2
SHA1 4777f932ed60ff5a054ac709c3c65795e0db3e67
SHA256 2096b116004202b14bcc71dc3c8ba2b242a63cc4be476f80f75099134edbb918
SHA512 d1bb07e1f833c4becf9960d4c32d0b3219389a0e9d4755f3a3187c6a72271c41704a04accdaf17924f916fbce9647ba970ebcd5a9d8e964d9c68fc421a477152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8acb5a4fbc9e792d22685e39a1cd75e
SHA1 8cd1f0a7fb07f135464756c3f2ed3f18a1431df2
SHA256 571afd2ea4701ac99c3fb881f9067685190393cd4a508fa115296a189d743ffe
SHA512 c6c2e136e59998b217f472c672c7f9c7afe2ea880e0ba93c743c2bbeb6a8da89c628e94266929398909e43f4c996a3240f5a42956fb070f646f8f9fc07cf5ee9

memory/1120-505-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-507-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-506-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-511-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-513-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-512-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-514-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-516-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1120-517-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/1424-518-0x0000000000700000-0x0000000000748000-memory.dmp

memory/1120-515-0x000001DB77200000-0x000001DB77201000-memory.dmp

memory/6080-520-0x00007FF780A00000-0x00007FF780DA5000-memory.dmp

memory/1424-521-0x0000000000700000-0x0000000000748000-memory.dmp

memory/1424-522-0x0000000000700000-0x0000000000748000-memory.dmp

memory/1424-523-0x00000000008E0000-0x0000000000912000-memory.dmp

memory/1424-524-0x00000000008E0000-0x0000000000912000-memory.dmp

memory/1424-525-0x00000000008E0000-0x0000000000912000-memory.dmp

memory/1424-526-0x00000000008E0000-0x0000000000912000-memory.dmp

memory/5824-527-0x0000000001100000-0x0000000001148000-memory.dmp

memory/5684-528-0x00007FF780A00000-0x00007FF780DA5000-memory.dmp

memory/5824-530-0x0000000001100000-0x0000000001148000-memory.dmp

memory/5824-531-0x0000000001100000-0x0000000001148000-memory.dmp

memory/5824-532-0x00000000012B0000-0x00000000012B1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 47e6417a0e4dbbf1556391d97d4a831e
SHA1 4429c19be3c3fe15e51439e4b34d6ee7a23131e3
SHA256 92fb8db4ebf1bd17bd41db7dd62f19bb2e5c866c89344ad465abad4eb0fe6a4d
SHA512 a7c2bf7f17a1c2d20a3f7a61d74bea8a57e5c9dbb1ce2749587fbea9391531176b97499c6dbf1fb1a59d83ab06a93a8207a23eaa6e38d8378ad199557baaf36a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a18dd1f3b4b39efc0a9739c4dd9b5489
SHA1 38b009a8f2e1a07b0dc55a0fed8b0ab7c684aa54
SHA256 4121f74cc97a41ab233bdce91a552af0f365ca9e68e69e6a7f9367b71c7e0d13
SHA512 d08e302c01485b4ccdcdb7a296d007e0bf479c77ece597eda9fe6c9a6b008a4aa6c199ec2f76ff809d4f35a916e0f55c7fabc249fc2fec0c8394c0013ea28ab4