Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/7z8jii73j03wu/Roblox was found to be: Known bad.
Malicious Activity Summary
RedLine
Lumma Stealer
RedLine payload
Reads user/profile data of web browsers
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 02:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 02:07
Reported
2024-02-29 02:13
Platform
win10v2004-20240226-en
Max time kernel
304s
Max time network
304s
Command Line
Signatures
Lumma Stealer
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\SoftWare(2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3624 set thread context of 5712 | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5212 set thread context of 408 | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3568 set thread context of 5628 | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\SoftWare(2).exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/7z8jii73j03wu/Roblox
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae68d46f8,0x7ffae68d4708,0x7ffae68d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX Cheat\" -spe -an -ai#7zMap14328:86:7zEvent539
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16383818548627274424,17467781173802832122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 /prefetch:2
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX Cheat\" -ad -an -ai#7zMap705:86:7zEvent23649
C:\Users\Admin\Downloads\Exploits\SoftWare.exe
"C:\Users\Admin\Downloads\Exploits\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe
"C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe"
C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe
"C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9aefc31ch45dah4291hb0bfhd09434066ed9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffae68d46f8,0x7ffae68d4708,0x7ffae68d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,17685702121227393945,8996245312334071279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,17685702121227393945,8996245312334071279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,17685702121227393945,8996245312334071279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdcab1a28hbe92h40f5hbe41h35be0cfeef08
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae68d46f8,0x7ffae68d4708,0x7ffae68d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6852088231494043000,6355897313911677873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6852088231494043000,6355897313911677873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6852088231494043000,6355897313911677873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe
"C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe"
C:\Users\Admin\Desktop\SoftWare(2).exe
"C:\Users\Admin\Desktop\SoftWare(2).exe"
C:\Users\Admin\Downloads\Exploits\SoftWare.exe
"C:\Users\Admin\Downloads\Exploits\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Exploits\SoftWare.exe
"C:\Users\Admin\Downloads\Exploits\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.42.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| IE | 172.253.116.156:443 | googleads4.g.doubleclick.net | tcp |
| IE | 172.253.116.156:443 | googleads4.g.doubleclick.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| IE | 172.253.116.156:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| IE | 209.85.202.95:443 | translate-pa.googleapis.com | udp |
| IE | 74.125.193.95:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.56:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | download2344.mediafire.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.225:443 | gem.gbc.criteo.com | tcp |
| US | 199.91.155.85:443 | download2344.mediafire.com | tcp |
| US | 199.91.155.85:443 | download2344.mediafire.com | tcp |
| US | 199.91.155.85:443 | download2344.mediafire.com | tcp |
| US | 8.8.8.8:53 | 56.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.155.91.199.in-addr.arpa | udp |
| US | 104.19.214.37:80 | otnolatrnup.com | tcp |
| US | 104.19.214.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| FR | 52.222.144.90:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.195.47.29:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| IE | 209.85.202.102:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 90.144.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.47.195.18.in-addr.arpa | udp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 102.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.85.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | tags.creativecdn.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| GB | 88.221.134.88:443 | snap.licdn.com | tcp |
| FR | 18.161.111.18:443 | static.hotjar.com | tcp |
| FR | 18.161.111.18:443 | static.hotjar.com | tcp |
| GB | 88.221.134.88:443 | snap.licdn.com | tcp |
| GB | 89.187.167.9:443 | tags.creativecdn.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ams.creativecdn.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| FR | 216.137.52.59:443 | script.hotjar.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| DE | 18.195.47.29:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 59.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.173.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.174.119.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| IE | 209.85.202.154:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 154.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| NL | 45.15.156.142:33597 | | tcp |
| US | 8.8.8.8:53 | 142.156.15.45.in-addr.arpa | udp |
| NL | 45.15.156.142:33597 | | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| NL | 45.15.156.142:33597 | | tcp |
| NL | 45.15.156.142:33597 | | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 96.16.110.114:80 | | tcp |
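The table above mixes the resolver traffic and ad-tech loads of the sandbox browser with the handful of rows an analyst actually wants: connections straight to an IP with no name, connections on a port nobody serves web content from, and throwaway-looking domains that were queried but never reached. The following Python is an added example, not part of the report or of any sandbox vendor's tooling. It parses rows in the table's format, splits DNS lookups from connections, drops reverse lookups and a noise list of ad-tech suffixes, and reports the remaining endpoints with the reason each one deserves a pivot. The noise suffixes, the "suspicious TLD" set and the common-port set are this editor's heuristics, not values from the report; the sample rows are copied from the table, with the direct-to-IP rows written both ways extraction renders them (empty host cell, or the protocol shifted one column left).

```python
"""Added triage pass over rows in the format of the network table above.
Separates DNS lookups from connections, drops reverse-DNS and ad-tech noise,
and lists the endpoints worth pivoting on. The noise suffixes and TLD list
are this editor's heuristics, not values from the report."""
import re
from collections import defaultdict

# Constructed sample: rows copied from the table, plus direct-to-IP rows
# written both ways extraction renders them (empty host cell, or shifted).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 155.202.85.209.in-addr.arpa | udp |
| US | 199.91.155.85:443 | download2344.mediafire.com | tcp |
| US | 104.19.214.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| NL | 45.15.156.142:33597 | | tcp |
| NL | 45.15.156.142:33597 | tcp | |
| N/A | 96.16.110.114:80 | tcp |
"""

RESOLVER = "8.8.8.8"                      # the sandbox's DNS server in this report
COMMON_PORTS = {53, 80, 443}
# Ad-tech/CDN suffixes the sandbox browser pulled while rendering the download
# page (assumed list). mediafire.com is deliberately absent: it delivered the archive.
NOISE_SUFFIXES = ("doubleclick.net", "googlesyndication.com", "pubmatic.com",
                  "3lift.com", "sharethrough.com", "crwdcntrl.net", "criteo.com",
                  "criteo.net", "jsdelivr.net", "hotjar.com", "operacdn.com")
# TLDs common in throwaway infrastructure (assumed heuristic, not a verdict).
SUSPICIOUS_TLDS = {"pw", "shop", "fun", "xyz", "top", "click"}

ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_row(line):
    """Return (country, ip, port, host, proto) or None for a non-data line."""
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) == 3:                       # host column dropped entirely
        cells.insert(2, "")
    if len(cells) != 4:
        return None
    country, endpoint, host, proto = cells
    if host in ("tcp", "udp") and proto == "":  # host cell collapsed, proto shifted left
        host, proto = "", host
    m = ENDPOINT_RE.match(endpoint)
    if not m or proto not in ("tcp", "udp"):
        return None
    return country, m.group(1), int(m.group(2)), host.lower(), proto


def is_noise(host):
    return any(host == s or host.endswith("." + s) for s in NOISE_SUFFIXES)


def tld(host):
    return host.rsplit(".", 1)[-1]


def triage(text):
    """Classify rows and return {'dns', 'connections', 'findings'}; findings maps
    a host or ip:port to the sorted reasons it deserves a look."""
    dns, conns = set(), set()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, ip, port, host, proto = row
        if ip == RESOLVER and port == 53 and proto == "udp":
            # Reverse lookups of IPs already seen add no pivot; skip them.
            if host and not host.endswith(".in-addr.arpa"):
                dns.add(host)
            continue
        conns.add((ip, port, host, proto))   # set: the table repeats connections

    reasons = defaultdict(set)
    connected = set()
    for ip, port, host, _proto in conns:
        if host and is_noise(host):
            continue
        key = host or f"{ip}:{port}"
        if host:
            connected.add(host)
        else:
            reasons[key].add("direct-to-IP, no DNS name")
        if port not in COMMON_PORTS:
            reasons[key].add(f"uncommon port {port}")
        if host and tld(host) in SUSPICIOUS_TLDS:
            reasons[key].add("suspicious TLD")
    for host in dns:
        if is_noise(host):
            continue
        if tld(host) in SUSPICIOUS_TLDS:
            reasons[host].add("suspicious TLD")
        if host not in connected:
            reasons[host].add("queried but never connected")
    return {"dns": sorted(dns), "connections": sorted(conns),
            "findings": {k: sorted(v) for k, v in reasons.items()}}


if __name__ == "__main__":
    for key, why in sorted(triage(SAMPLE_ROWS)["findings"].items()):
        print(f"{key:32} {'; '.join(why)}")
```

Run against the full table, the output reduces several hundred rows to a short list: the repeated TCP connections to 45.15.156.142:33597 (no name, non-standard port), the .shop/.fun/.pw names, of which only some were ever connected to, and the unnamed connection to 96.16.110.114:80. The allowlist is a triage aid, not a verdict: a domain that is dropped as noise here still shows up in `connections` if you need it, and mediafire.com is kept on purpose because it is the host the archive was fetched from, so it belongs in the delivery-chain indicators even though the service itself is legitimate.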
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0764f5481d3c05f5d391a36463484b49 |
| SHA1 | 2c96194f04e768ac9d7134bc242808e4d8aeb149 |
| SHA256 | cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3 |
| SHA512 | a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224 |
\??\pipe\LOCAL\crashpad_2380_RIHRKYCHODEGXLES
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e494d16e4b331d7fc483b3ae3b2e0973 |
| SHA1 | d13ca61b6404902b716f7b02f0070dec7f36edbf |
| SHA256 | a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165 |
| SHA512 | 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d73d3e0566910fe8ad0bf26e39862f84 |
| SHA1 | 9afa707fdff3a91e4fdd4661ef91234685c47668 |
| SHA256 | b9e1e5df6e4a7604af667b625602a3f2f8c6eebe008b4a48f5d2d9ee77422109 |
| SHA512 | 9296f247b672b73fca61ad46c27c1c3ee3d03f9dbb0001071d37337c0d04c30de62bcf9a45f1c3e72a9efb803c5c41dc3d4ee8422928eb89e479bd681bc5c40f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee1babdbc3751ff1db61abef160a5574 |
| SHA1 | e9c4be116001fdcd408e38303f338112f436bd93 |
| SHA256 | 5aafbe02fd8c759c8c7310bd3346fe1a11d32c6c62ad1b0280e6cb097f900fd3 |
| SHA512 | a59bbec43a4b9ebe95399ff66632ade72c23021686fecbb4635385d3da326d4742673622a61111775ba220b18e3e1a0522a50cd53d6408dc65eccbb27fb8de19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 825e7637d570f5801bc4398e8076c7a2 |
| SHA1 | 50336314eac13c3ed64f1d0a29c72c44b339adba |
| SHA256 | 4ae25f49574884ab1eb097cc7b97387e3303e03912cc31fec92951d7d441775b |
| SHA512 | c3f5ddf0154bc88092add9f0358a51bff31235573ecfdca338a20668449ef772a14afc0dbe2eec668f5aea24ea8a8c2cbb64d694e0e43508b33d818b86cccda8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 786aac28d5c0120358007b97190cb0f2 |
| SHA1 | 459e0aae2b1321f596ac49fa51979120a8c35aef |
| SHA256 | 8170cce4c1cc4d9017f8a075af0414db3705bae7832c136df76131672393884c |
| SHA512 | 6b93ab6154c6750df8f94aee9c46e46f5c993e6608ed21f5eeb341331b474d5ab249b947e701ef236e32d1d6a7f8f9953c66fcdb14d8eaed2ca867e4f2324676 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f0057cadd8ef0d7598dd646c162801e6 |
| SHA1 | 7c46a66cc8c51da7258f171a3141f496f2ad4371 |
| SHA256 | 87e8cf3ea863eed4dc7ba1498209f123737e74a631d898ae7de0e8075ebeb3f0 |
| SHA512 | 61d36805409a67ec4dff86ce4d1a64615499e43ee4c1ee7aa1356f4c06b0cf8ee14602dfa6794aff903cd993067277fb8be1d47490687c1c393fb0d466b670b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 35b04490d0be628d5f5ae0b757b976c7 |
| SHA1 | 747773b5b94958f79c3b1b60d9eb89ba1a7ffc7b |
| SHA256 | 32f56eedb9550407ef47bd7c756dfb204fefd18c00f52d827ffdac875d48bc1a |
| SHA512 | 2d86c83e72c95c66bfa3866c727ecd15df87c5970b9d3d19bd078f4283d48dc569f9240241acc4df124f49584857d2243e9a24d5015af533cfa33f97a9e2e6e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 802a6aa727db68e91e6ce83590a4a4c4 |
| SHA1 | 7356fd19b13bc18235313d7eced44bf43929db3c |
| SHA256 | 7441111b13064e59e61d0933a9c29314d6b58e07d53072697e87ec221ea177e4 |
| SHA512 | 24adba72ddd0664c7f51c4cebde9626f8e746d22069e7cc51723a386602a827dd2fbb238f905cd16d8b68d8148af078dba8395cf6b60de58f3d13f5026455443 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bdb2.TMP
| MD5 | 3654e245c8898d5c3ea2aaf692aa6a11 |
| SHA1 | 15934d56218bf6c3d78084cbb2cbf252f93ecc1e |
| SHA256 | 641292fda335d47cac761ca6581ec4e3f8cedb4b038b0faf00838ba4d398be8d |
| SHA512 | 01d266627722a5f607237b4db3b947b6944a5a288dbf43d45b4877b0dd837ba8bd38e1567a73fb301e4a4fa2d23f7453d1c1880b542000ebe8bcada1e71be824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfbcc45392a06786dff7ab4612fa802a |
| SHA1 | 0b6d9e05b1f7f0954db0ba857f267cee7a48688f |
| SHA256 | 456d85d1c2db8e3cf2b2bad1c88d888e44851ffc11d7d9463fe610c1274cf203 |
| SHA512 | 60d53722b12a69779a3201a1ec45b1511c0431b4f00ef1ce62bdb8bf92e5e9075cd2a1925a9c0ab204f4212e2afd3acffd8bcb69147c913dde9dec31737e2dbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 291c5813a3bea47d8c4ab1aef1037e2e |
| SHA1 | ca30fbb46356345e5f16ebb287ad075cfc83cb71 |
| SHA256 | 79778502919a00f05744fe195a4367820771012cf4cde63d07d40b1742b8faa9 |
| SHA512 | 642c0967220694f6da97a229ce5d21410d649e5ee8720fc14794ff8b3406c1dc345833822f612f38b1cff3ee561d44e8a28596316e1e6762b668204a6fd808fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f95fc446fa122e0584bab2a7421a39a |
| SHA1 | 5a20e6d9a2abc0e043182397d4258d740ae10c05 |
| SHA256 | e20d6a9e3291aecc3732cf112840221c67c8bb3bb8f7478f1f03aee4ef4023e0 |
| SHA512 | 156061b8a25c26303fc819d854f7d6511c254f77b2c07a1346c78311dbb8e544ebeca6f737567ea33b95a4a6828d2e2e78cff5c9b5b585c04db9d4ca690097d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4ca047d3142c2e341bfd457c4d9ca71 |
| SHA1 | 91e872294488ca35b61f60ec0d252b431535e7d2 |
| SHA256 | 19e9f33bd6f4b897304dc6904581d69ebc6581d9b939af4ed9fa857f542723c7 |
| SHA512 | 842364d642d2284f92410988d009a98ca3eaac99b4648f328441480873e11710054f68826f875a35344349180ccc012695804bdde70eefd44fc811db53597b19 |
C:\Users\Admin\Downloads\ROBLOX Cheat.zip
| MD5 | 6606815c7a5d3a4529895658575f8df3 |
| SHA1 | 47c3ab50bdf70f4f68b3a85221eeb276a477b91e |
| SHA256 | c3164fcd0dbe1241c0a1fa0ea299c0f22debf4e98deb4fe03c8e5f2f0f2540a3 |
| SHA512 | 6a15161e4a1afcdc545182fb955844bc03163715b4d3fd8bdfd3184d7d572f02e69c1322d689d976416b0fee40dd0d4453d8598b8a02952a1a0128ab0503d41e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 589b47eefc8701e6ef77b11eaae1276f |
| SHA1 | aa6f4b5aa5832ad58468735dabbb6fa48e510db4 |
| SHA256 | ed76fa402595f297bb4eedcd26acdc686c80a81e0ea1bb67f16079ff66a462cb |
| SHA512 | 0a793ccf453debde614b61b76d0c65b2be68e5ec5dbff5ea8410420d808dc10ac08f12a62ff6bf72f83e9cf73e29b497ac26f9acccfb2c786dca7b244094d7c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a58da2cdfd7de089fbaebe18b8ac2a22 |
| SHA1 | 71fa0c882419b9a3df32236e14faf0ba82ac94f0 |
| SHA256 | 86266384991482e5ab495e0dda518c013344adee5bd4dfb2096a7f3954f9fd3a |
| SHA512 | b609f063e6ab48e53fa1ecb5181b1b7f95c1ec337f8ea58077cd20506cdc27fffd50b87fafdab480c6a2f573d00c2802bdbda336eb4afccc288e882fd0e120a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f8177faee10c9f204e6b362bda8a2b4a |
| SHA1 | c8e5a45b3757de75e78a923a51dd55689770254d |
| SHA256 | cda47de31ccc8b2a714d8cbccee1bdad3ac48cad3b23d022b1861a56d9c3fafa |
| SHA512 | c4a64c77ea48959410b46890546353f55f020514e027a6e72492cf350ea26e9b9fa506b632905effe15a89be8c42c2e2ef3410e623bc5958c4327cf3b134a2a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 088b40f626d8dccc7a7b097e6d7e047c |
| SHA1 | 16930625b10b37473351a3ab1bec3a553435c32d |
| SHA256 | 187664e1ae48eee7377f5a6e9bdd9a86410574144a41e18307f9b107f79e9b72 |
| SHA512 | c895c07575872f57fbe76d4fef56d3b43aef8c1199199193e4f44005f5c5d5227d075fa7fea77c92816fab24ecfca76697fba52cb1252274feb8bba304707088 |
C:\Users\Admin\Downloads\ROBLOX Cheat.zip
| MD5 | 27ced9976a7852e308951577a974f8f9 |
| SHA1 | 47aab63a1f980e929d9b0060d22fce3c95b81e7e |
| SHA256 | acde91e2cead3071050d4e5b482563bdaddb404196815d7179e18dc7056d6c58 |
| SHA512 | 2989970256e38ed6f96825542e7fffc142c4589965f0f4e5fe31eacf115c162a8a4525375b2087e0fedc47708fc6469ae474eacb194097e740f6f4eb9e96b2d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 444bb03dfaaf2138734dcfb1f3f6af40 |
| SHA1 | 4f25ea6396dbb141d8447de3158b932b2a0b07a2 |
| SHA256 | 8e9908d5a2810cfec9378018c5326be18321d902bbb81b9fc2d492ff18ac03b1 |
| SHA512 | b49473d0d9ba1ad5ef778baf21b0ab7f5d9851691aaba428054b100d6d38e9094a1ee8ef17682468f7cfad532ec6e6cd114f69dee8964121954d010b6173cf34 |
C:\Users\Admin\Downloads\Exploits\SoftWare.exe
| MD5 | 6f2c4c928bb515d6bcd936c6458e67d7 |
| SHA1 | 41bea8749e547d7e577f2b3fc680c256a2983d33 |
| SHA256 | c6ef15e55aef8d916f53432b2a70d5b9187ec23d7df6a5670e7c608d2124c993 |
| SHA512 | 15599fd393b26e7ecf58327830906d0cce9ea848b9c55fb732ca50f424532546e99b82bcafc0f69923d17011845274f3b93dff979bf01773697f1789f7a05654 |
memory/3624-724-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/3624-723-0x0000000000200000-0x0000000000254000-memory.dmp
memory/5712-727-0x0000000000400000-0x0000000000448000-memory.dmp
memory/3624-731-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/5712-732-0x0000000000400000-0x0000000000448000-memory.dmp
memory/3624-733-0x0000000002910000-0x0000000004910000-memory.dmp
memory/5712-734-0x0000000001240000-0x0000000001241000-memory.dmp
memory/5712-735-0x0000000000400000-0x0000000000448000-memory.dmp
C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe
| MD5 | 842f7c7750ff34981ecbe18f388512f5 |
| SHA1 | a56dfb377c77dac1f123fb794491b072d432d88c |
| SHA256 | cda3a89966be8aab97969312ff57b32d3f1b78d092c2961ba93be29a31cdd8d9 |
| SHA512 | 4ab6ae15cb5efbaf6f8b63b6f8ae3dc66d7d97e1b13ce1c74251b44e1c56d7115184158c8c31050c4e99ae821141b22b9b63f844cd9cc060a6ffffbf66f8c1c4 |
memory/5900-738-0x00000000005A0000-0x00000000005F0000-memory.dmp
memory/5900-742-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/5900-743-0x00000000056B0000-0x0000000005C54000-memory.dmp
memory/5900-744-0x0000000004FA0000-0x0000000005032000-memory.dmp
memory/5900-745-0x00000000052A0000-0x00000000052B0000-memory.dmp
memory/5900-746-0x0000000005050000-0x000000000505A000-memory.dmp
memory/5900-747-0x0000000006280000-0x0000000006898000-memory.dmp
memory/5900-748-0x00000000054C0000-0x00000000055CA000-memory.dmp
memory/5900-749-0x0000000005270000-0x0000000005282000-memory.dmp
memory/5900-750-0x00000000053F0000-0x000000000542C000-memory.dmp
C:\Users\Admin\Downloads\Exploits\SoftWare(2).exe
| MD5 | 13f0fd496d19e4cb01debf27689160c0 |
| SHA1 | 17ca9ef82cf85434fbcb694eb8a01222265e8333 |
| SHA256 | 47312fccd717d317a621e8ff2cff017257c1d83f9f1c327d0ebd708a0a14fa91 |
| SHA512 | 29461ee4a147aa9993ea3f39804e45a5c3ffb1fd9c55e1b6ba79c6d47e92dc16f43fdca6f6d144ff345d939b1d2538381bf2d452f7ed0a1ca3b46ed842a925a4 |
memory/5900-752-0x0000000005430000-0x000000000547C000-memory.dmp
memory/4452-753-0x00000000007B0000-0x0000000000800000-memory.dmp
memory/4452-757-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/4452-758-0x0000000005120000-0x0000000005130000-memory.dmp
memory/5900-759-0x0000000005DD0000-0x0000000005E36000-memory.dmp
memory/4452-760-0x0000000006B00000-0x0000000006B50000-memory.dmp
memory/4452-761-0x0000000007020000-0x00000000071E2000-memory.dmp
memory/4452-762-0x0000000007720000-0x0000000007C4C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 448a69c7609ad3a4e48bbbbd4dd0e1ca |
| SHA1 | ba5cf456c51d93ab533dde1fe488e395fd6c92f9 |
| SHA256 | a0b4e37bce7a22b5c7c214a1f9abc78a6106aae042f9d2600e55989af4778f90 |
| SHA512 | d25c2eaa3c5e7656056e38ca1a15801460aa9e97bcd66135c6db8b8b6b9e664dc8dbf300818d584928ca1a069f21c98d23762993729671c4c6eaecb486854b5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | e5ef362dbcf019d1e82be9b7d1bcdd6a |
| SHA1 | 3ae959a88b494d09767348b9e9eb97704d7a8b40 |
| SHA256 | 444cb14b18f6489295eb1a5ab2bd0a7f79b81cf152dfc8872044b344378e7bee |
| SHA512 | b65fc4c6d39ee0df3f23b9f6f6830324f7daa18cc304c694c79899040e7d748a43e2b411ca13206fed4fa0a99fa31ff8e9fd1471523f8136b86b378f294fa98c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aa0ad16f3562b9b898f2527c98ce182e |
| SHA1 | 813683109cde64ba42354323ea4f17c03e024ac0 |
| SHA256 | 7bf4e8a0937308eeb99301940dc18324f7d1b7366c4f28fd60379876e9b99589 |
| SHA512 | 202884bc1e159a19c8fe1c2b4b98d8865cf3b0f42fe9b41fa7bd3e76324eb9a91ab6a8f8c79a7712eb3741e36f7731b6e71ddc70f21b416a4abb3f291fe84147 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | caaa2f16047aa3396a8f7516e6fc54e5 |
| SHA1 | c07695624848e659d97a8e3782f90628bd68e466 |
| SHA256 | f4fc4f9753b0cd830abbf8438c98b0749daf39748468770ba030f6e736a28ab5 |
| SHA512 | 07ac0de27e24071ca9f0f8d761e6b12fe1f325f9271111865616ea1a959f7f00d735b2de9d9aa0de338a0d936940fd16d4f3d08eb8451d90c92c13c92fffb816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | d14f56a65cfba58de2a110f49c695142 |
| SHA1 | 8a72e88b26d284d346ecc6abb714d14eff245e24 |
| SHA256 | 0804db8aeb6fc6e32a073a047c65b430850101c6fc31e7b42c7f96ec62a1df50 |
| SHA512 | c5c98a3d58da869730cb233fdbaab29e5196df974e477429ce34503a0981ea65079bb9cb0c6fa2381c7e6e18c33107c94feb24fed87b1516c2be460c647695b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | a1347ebb40e3e9109f17dc19b304dfc9 |
| SHA1 | c23698f6da6c9d997fca4511e0a53798eea5d9c9 |
| SHA256 | 66f7afa02c58bfc17df0997dc78976b6730f782e8e8c813fc9f96b665410984f |
| SHA512 | d09b7dcfb4cb14f2e3f1775125d1de961932ef1313248c8a5b4a7ebc15bbc1ea2a88cb6031affac45c9fe2ca4c6c3838352e6d6be91333b95602fa52e93db06e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 10c7d0189b0559cf0668bcbd1b560e93 |
| SHA1 | a3fb0c790310a4900f4de525a8d5ff930d92948c |
| SHA256 | 0b413086e1c2f4de1038eccbc16f1d6ca19e4eb2f84947c0515308737704777f |
| SHA512 | 0541dfbf8b2a107f736e429d55d8c5be389e8ed439ebbb6a891f0e5036994cd4a128520aff34309507d84c8edfd907004753e03c7770fd786fd4a322433c3288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 83ff0d02248f7ae59390d291d6824079 |
| SHA1 | c16901059d89da6765ccd3a5822b780fa46b59c4 |
| SHA256 | c626491054c5606e170a3d6222a0d76a8794f5d086bb7b16da84b3b462c52729 |
| SHA512 | 62a5176851caa47f21a554e66061e0264a789f44fc23c28a4e73ff5ab0a5fd954fe28b49f53a6b3cdcfd611a5c0ccb064116b788311a6fbdd4bdb6a86460b4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | daa5a2b5f68f42fe0572a64f06a61dbd |
| SHA1 | 26665cd872bdba769299d25b9c1e93198d2a8386 |
| SHA256 | a39dd56554993ace99b2ff2d590fd35047f1ac3b31b12138d3a4077afb12f683 |
| SHA512 | 72aa17bee1ca9bcfb611559d07cc7546a444a26c3eb61cd4f099fba6acf1bc2807b4e024914aded3b7fe062df108559a1a81b438c2c4dd7c23050103a12e703e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | f596eaba9c44f657d6da6ff3ad8a6b23 |
| SHA1 | 2f0da64c6645d5d4e6a9c66f69f16837aa84e6ec |
| SHA256 | b009912794d13cdc3f23d01c150774cf344e5c81c0ed56a01dbd38355ad87f43 |
| SHA512 | e54f772e51b9c7718a5102c30cbc91203947b1811eb0ecd355c5ad28bf8d52de966479c6cb81c775f6ee7499cc9f7b5a12aaa355adb0c37dbcbfd716a4646a9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b273df5def1f6826d13111647d679a17 |
| SHA1 | 19fb8c202bade63bb39e85ee65b4967a48429cbd |
| SHA256 | 8a51b944cae443d26609bc538ac9d51cf40498f83d87ffccae4b28b213fe86a5 |
| SHA512 | 5ddcb58b6560e29b28e9dd17a0d21d0e0feecd6b514f81b53254cc3af8d182c592122d66f869b7154e96de4cac05153407a0401e7d337b2634cad5ae4b6327aa |
memory/3624-834-0x0000000002910000-0x0000000004910000-memory.dmp
memory/4452-837-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/5900-838-0x0000000074EA0000-0x0000000075650000-memory.dmp
memory/5900-841-0x0000000074EA0000-0x0000000075650000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e79f3de42e348a44ade1535a3d9cfe6a |
| SHA1 | 6296b5d1a50ba63064bab0c0646d540a103f3fcd |
| SHA256 | 4a762a3b6bde7a865b66283ee03cbdd5b3b07c58e7b96e9ce01e0fca8fe215af |
| SHA512 | 54823bd8cf638a912d9723178a130529d34908a68e0f86bc82ab02ac68a710a4abdd7fdeda5ef3574baa83b86a4a1355620ddd750026eb0d248dd1d91c649677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d0a022f9810d6748e863a78e10328ce3 |
| SHA1 | 52cb941003894e3abcd9e35ebc0abdca3bae6a48 |
| SHA256 | 16640cccaa2560055d552d97ed87a51d0f0936b7c06a114353ec94ea991746ad |
| SHA512 | 3af6ceb8cd67f7249402865f793b463a35516b688b0e1d5f0cb023df1897b51a95e0d7e1097d1a7732f0b9ab7b6c3db790347ba856db18a5a416f50e129cc162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3ecc15cc5ca7a297db9b0e06612aa27 |
| SHA1 | cab0172effac3a31724b0deb6d67aa76336f4a9b |
| SHA256 | 8913be8fa4ded1b150b116db601cd13f54ffca4dbb70528ff1b68e53c8be6b4c |
| SHA512 | 1059ea52fb1e06bdf64645b99b1dcbabea47f9c434f2fec9565b7df77629a3e872cde28e895bc895259baff11a2db4b4cb763ce988e6c9ec2874970bfe7dd983 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6f452ad5-479f-4b2f-8a90-9c34c9fe93fe.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 805dbd7f0561db2a4e375c57787b5756 |
| SHA1 | 9ec2ec74e52fae74f21455f1890c6cb73d9737d0 |
| SHA256 | e5a673168af6b31b77b3aeb0f708e3161889bf6e5341841e4083140b7fb0b183 |
| SHA512 | d2e7866e890b040ac4d6a2175e912f5aa1da146c9b3f2d047f8705fdcf7997c9bae96a768a29cdecef3731d5e374b0484dbf7611f345e9ba94fe4f221cd01cc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 1ddd500a902535b36637c2761673d286 |
| SHA1 | 8543da2b8eec55fccff72a2b7128eb4294304cda |
| SHA256 | 363d8dc38b4643b42d84fbebb3f9584351a305cfed66d2d877bdaacd64d1e158 |
| SHA512 | a5676938e21f5aa254472947c821f8a34beaf9988dac9abb2338df89104fde997c80237bf6d06ef213219849452fe2e342279a6fd017b66c4a0f834caa46900e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\index
| MD5 | 7cb6c303c483676001c7cd793e4f92a4 |
| SHA1 | 343d1b2ea05d03d0a6de3dd16c706e00c4f0ba98 |
| SHA256 | 9bd60fc958c51469141ba43e67f912b2289bcc3274c6cbb8a8d1bf761951e2d7 |
| SHA512 | b31aa1810aeeb6129f94aa54358a684d900c19a3b21c9ef037e0c3df17b4ae0ef4ff0925057d902391bae3ab689c591ce6295508d8a70702b01bdead5af7a5c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | bb37d8e7295b6aa89a9a31b9a242051b |
| SHA1 | 6fd74c3ac17db0553adde9d2920ada21b13d16d5 |
| SHA256 | 1e17480b5c68f640354a0524e623619d9ba042346c35c169ebe96e14538bcff0 |
| SHA512 | e54eba8c41fc581d81ebe1e40473896e86c000181c826a7484acbb7ae604decffc36ac558e71ed30c087a79726df8236f951d45affa50eae5677199dd54b2ef3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State