Analysis Overview
Threat Level: Known bad
The file https://github.com/h2w3stcoa/EulenFiveM was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Legitimate hosting services abused for malware hosting/C2
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 11:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 11:57
Reported
2024-02-25 12:00
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Lumma Stealer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{6C816575-3B86-4BCB-931E-F6AF42CC44C2} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/h2w3stcoa/EulenFiveM
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86f1146f8,0x7ff86f114708,0x7ff86f114718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe
"C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5220 -ip 5220
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 1092
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe
"C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6048 -ip 6048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6048 -ip 6048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1092
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1080
C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe
"C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5556 -ip 5556
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 1148
C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe
"C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2620 -ip 2620
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2620 -ip 2620
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1092
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6760 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 104.21.80.171:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 104.21.83.220:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.171:443 | gemcreedarticulateod.shop | tcp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 104.21.83.220:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.171:443 | gemcreedarticulateod.shop | tcp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 104.21.83.220:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.171:443 | gemcreedarticulateod.shop | tcp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 104.21.83.220:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| GB | 92.123.128.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.147:443 | r.bing.com | tcp |
| GB | 92.123.128.147:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 133.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.75:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloadmoreram.com | udp |
| US | 104.21.73.238:443 | downloadmoreram.com | tcp |
| US | 104.21.73.238:443 | downloadmoreram.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | rlv.zcache.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 151.101.0.241:443 | rlv.zcache.com | tcp |
| US | 151.101.0.241:443 | rlv.zcache.com | tcp |
| US | 8.8.8.8:53 | 238.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | asset.zcache.com | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 8.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-1gi7znek.googlevideo.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| CH | 74.125.108.199:443 | rr2---sn-1gi7znek.googlevideo.com | tcp |
| CH | 74.125.108.199:443 | rr2---sn-1gi7znek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 22.169.217.172.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9cafa4c8eee7ab605ab279aafd19cc14 |
| SHA1 | e362e5d37d1a79e7b4a8642b068934e4571a55f1 |
| SHA256 | d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166 |
| SHA512 | eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6 |
\??\pipe\LOCAL\crashpad_2968_GLERLXHLDPFFEBWQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3bde7b7b0c0c9c66bdd8e3f712bd71eb |
| SHA1 | 266bd462e249f029df05311255a15c8f42719acc |
| SHA256 | 2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a |
| SHA512 | 5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8f2dfa339291d328eaa73ef14d567942 |
| SHA1 | 1ec2b7b32226d3ae01a5533a6bd52752fff605b2 |
| SHA256 | 17df6d2f8227a568a0bec23fd205abc85b81a0b2043c3b5d18bfe0eaf7afd465 |
| SHA512 | 2ff5a8b8f8280c0875401f0f002fdc85e127670851b984d349f9c5ff2bb1947ba589ca28d6a65527658c5c4da2bd447f7ca223d721aa52821040a0a8819ebab8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\EulenFiveM-main.zip
| MD5 | 9c3d1987f15cd1e39dd4029e0a3635fb |
| SHA1 | 66c169a9ee2eddd3b8d4929dca4dc768f3d34273 |
| SHA256 | 3f1b2a109a62411239af74481963d5b93d9b53cd4ffeeabb36015156f129e609 |
| SHA512 | abf9f345e2f132728dfd50ffe7ca81be67c0e41513878f8dff13fae6ec51205764877f39b1db439cdaff96b14708446daf0b539457d0e53dadf7bb9a7a134108 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b79a275fb0038937ac735550a7ed74c |
| SHA1 | eb8599dfdba82eac0842fd2f0f849a1783aa3457 |
| SHA256 | 8231d4779d19bfec3ebb539d471af2da41cb71cd87c5a862aeb10fb30b88887e |
| SHA512 | 58ef331971562c81eafc9fcca315a58ddbe98fbe2b674647cadcffe2a34eb88930d91b2d784481f95838e54b7f41183cc6008a04778b5c6845cf59b61ea0064d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00616ccecbfe535ee4de3037534671aa |
| SHA1 | 68eb4df877a9d281f94f1b6d5cd52688eba6894b |
| SHA256 | 01e328b4442693424503b38004ffee48abca7f0d74963518176f18e485c01d01 |
| SHA512 | 14c331028ac65399b257438a44dbfd2209930fc294d4683a69764c5ceb4c7cef48a0a2ac4b85df5fcabe693a331333986a115a6af719a78624eca50388797aed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 06adcb314ec57536ccd34941a0713366 |
| SHA1 | 515ebca3ba0003bb018bc1b65c6643874e79f927 |
| SHA256 | 0164dc975be7cc850da145c080f911fff3288c277fc843ef9b40bb168636a9ab |
| SHA512 | c5c5054d6bf6cc600be7b2cedacd100558123d744df40dda60ddd4df4690c79754ece20cc22e18d19c0700b540d6f10f36d10280f9f7fb7fc07895dd8fed859e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7372c0a0327fe75206a94e3284c170dd |
| SHA1 | a58211a3dad64ac822c1aef1f97d305c1a02d0eb |
| SHA256 | ce8c4eaff8b943105a30c6dcb8bebef5d10854ee7400ba5c5065fbf47a9f7340 |
| SHA512 | 2a78fc60045968d39e97fd2e3b277cfaf2eb4045dca22a3d2defb91483bf34a1304374dd75b163b767b5b18d289aae4dd45532081d562277e3398225fa1c5c40 |
memory/5220-193-0x0000000000FF0000-0x0000000001087000-memory.dmp
memory/5220-200-0x0000000002CC0000-0x0000000002CC1000-memory.dmp
memory/5220-199-0x0000000002CC0000-0x0000000002CC1000-memory.dmp
memory/5220-198-0x0000000002E70000-0x0000000002E71000-memory.dmp
memory/5220-201-0x0000000002CC0000-0x0000000002CC1000-memory.dmp
memory/5220-202-0x0000000000FF0000-0x0000000001087000-memory.dmp
memory/5624-206-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-207-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-205-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-211-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-213-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-212-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-214-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-215-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-216-0x000002A363250000-0x000002A363251000-memory.dmp
memory/5624-217-0x000002A363250000-0x000002A363251000-memory.dmp
memory/6048-231-0x0000000000900000-0x0000000000997000-memory.dmp
memory/6048-236-0x0000000000A30000-0x0000000000A31000-memory.dmp
memory/6048-237-0x0000000000A30000-0x0000000000A31000-memory.dmp
memory/6048-239-0x0000000000A30000-0x0000000000A31000-memory.dmp
memory/6048-238-0x0000000000A30000-0x0000000000A31000-memory.dmp
memory/6048-240-0x0000000000900000-0x0000000000997000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c2ef7501908bd85085bc5510e696d779 |
| SHA1 | d27275e2f26d3b15d0e6f50188eafebe9811ad79 |
| SHA256 | afb5299c3b69d23b4ba8862855271759022be4d6d638157b9e47ee1498f8bd9b |
| SHA512 | 57981b923c81b624bd4e6121fde52b499cc4978beb68f4575589166d8fee1cf7fac4c3eb26ad93ae258fbc0fba34da92ddaf4eb3f356262421b515c53c768bb1 |
memory/5556-264-0x0000000000E80000-0x0000000000F17000-memory.dmp
memory/5556-269-0x0000000000FF0000-0x0000000000FF1000-memory.dmp
memory/5556-270-0x0000000000FF0000-0x0000000000FF1000-memory.dmp
memory/5556-271-0x0000000000FF0000-0x0000000000FF1000-memory.dmp
memory/5556-272-0x0000000000E80000-0x0000000000F17000-memory.dmp
memory/2620-273-0x0000000000B10000-0x0000000000BA7000-memory.dmp
memory/2620-278-0x0000000000930000-0x0000000000931000-memory.dmp
memory/2620-279-0x0000000000930000-0x0000000000931000-memory.dmp
memory/2620-280-0x0000000000930000-0x0000000000931000-memory.dmp
memory/2620-281-0x0000000000B10000-0x0000000000BA7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590a76.TMP
| MD5 | 6e71e7038af87a68ddb1d5b12b74d1ea |
| SHA1 | 47cd08b341963bcd13c77a5e04a98043f45ea7a0 |
| SHA256 | d32b2f2489c6c6b0509adc2886013a2633d3d861ff2fa2c7279670406d2b837b |
| SHA512 | 672e41e3b82b9059ae0a98bc334e134b9f7b4bb533e80ea9dafc4dc3f915261757fba9f44d35620948e0034082cff39cd2d55652015746fb51dc2ff13d4be657 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dea1d352724a30dd4a70d54d47602203 |
| SHA1 | c34fc893b418846f51e691beaa8db7de85ea71b2 |
| SHA256 | e50d4b877fa107a0b71c3c8633aab10caa966a27966744120ec9af95646cf688 |
| SHA512 | 554a740213a6ef6b57797780170619ab640e509dda9c028c895ab5c1429e3cbb2efc607a9fc05a95d6900d27b3151818a60488cd729be45637cface41e7b9362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 1db559d5a90934ca4269e4a6dcf5e60f |
| SHA1 | fdd6707c372b71e2d75a928d824ec2ed5794faad |
| SHA256 | 3106f79cb71ac20b0fe040ff0f0a5b9fff409fa283e85fbf35c6c98ee77d721d |
| SHA512 | 8a9f4135d271569dac43930523bee499050a22bc65dd3dcd0a79f72a667b9c6bf07cb987210bcbbe3525473f94c0efd95bbc2d20ac6e0b34488370bd8d87d751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 452cee87a193d291cf0394c0a8f961c9 |
| SHA1 | 5ed43fad7737f776e85433d7fe7aa70d37eb4606 |
| SHA256 | 6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61 |
| SHA512 | 355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | eeb2da3dfe4dbfa17c25b4eb9319f982 |
| SHA1 | 30a738a3f477b3655645873a98838424fabc8e21 |
| SHA256 | fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3 |
| SHA512 | d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bb93cbd2455961403987a7ed733c5ac |
| SHA1 | e590b80a1143f1bef58a516adc924c7b1988b32c |
| SHA256 | cb4e0be6116870e38fa83ef56500158249af1ec9491c73994011aaafe8a52bce |
| SHA512 | c3dc8132c3fb512af274748293199e8f9dcf9b9b9d751eabec13da05ed506cfc6526b0defdd154faff349761d672dfc4f5ec772fb9e606198bcce6c7d39e62f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27b364020c0bc649bb8ff54d253185c3 |
| SHA1 | edb7cee9671fadc40e6b305cd35039a1d2182599 |
| SHA256 | f550e3a5db642febeea1e0a028cf5347cc3e726fccff28587ab0aa70154521ff |
| SHA512 | 2ce7bbfdcb5a11ff8502a1d7a9f88d27bfb5d7d10510bb8f628c42ea14067f83965e42fb64e7739529ef1f8ffe28c203d5a7884bb07558577d0b7fd03a74351b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 966eee6de0db214290eef1b4a44a9471 |
| SHA1 | 3cbb44940380cbb6f65410922679c3a8f7944aa2 |
| SHA256 | 25e7f17f567d79442b3c7e937dc0e27ac190cdaa90c1ff30c30af08fc239774c |
| SHA512 | 8c81861f1aa566a5b1de02a7061abc5b286bb4ca2748baf8bc1b632abbf9d14a97076447f6550d7ec085072f691d49bd0dfc71be798bde2bbdd3361057ccb8a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6445ef8f2a24dd5a8874b7013d593998 |
| SHA1 | acb067c670e3edff7dd877145f7385c331c1a483 |
| SHA256 | 62f6354b15a2f8d08abe04fb51ee38a5dc7a8e1de12aa3140fb986bfaaff4cc6 |
| SHA512 | 679c0c4489dec99d23f6330c63d14dada25a9b5bd6caa96dce74238241dbecd6f9296305139b021d799688114098e3fc953727b48abd493342180da439dd4b74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 442ab769f7fda0231bed67da7bf15ac4 |
| SHA1 | 9a7ef6eb9d85ff9541811eff54568bef64cb57c0 |
| SHA256 | ea4984a29ec4343fa885cc14406a8690347861146d6f6941ee48dabf240fa557 |
| SHA512 | 102ca1cba4c216945e8cd0bf9b9550792144361fc1f8578af40f09168caac870ed6c7ab1e4edeae2946190be8420643e2a30a6ef5d6ba36b15f42969a8c9d1bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f5867b4ca33ca8c60ed1710c21288f5e |
| SHA1 | 1c618cb643a85c269a30ff884fab330609afcda1 |
| SHA256 | 9d77b03692ea3e5917afc1092c694bef00cc51bfd9d1666d5ff22a81661e9110 |
| SHA512 | d62620cbdc149eba756f9ba62d631283fbec469d65c30cfd6d73c272416747e4ce5be267dc53820bbd427806df83bafe48c0a6021aa4366969616910111fd690 |