Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Detect Lumma Stealer payload V4
Executes dropped EXE
Detected potential entity reuse from brand slack.
Modifies registry class
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-02 04:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-02 04:10
Reported: 2024-04-02 04:13
Platform: win10v2004-20240226-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
Detect Lumma Stealer payload V4
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe | N/A |
Detected potential entity reuse from brand slack.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Password - rusthack7615.rar"
C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe"
Network
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download1530.mediafire.com | udp |
| US | 205.196.123.218:443 | download1530.mediafire.com | tcp |
| US | 205.196.123.218:443 | download1530.mediafire.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 81.17.55.108:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| FR | 154.54.250.151:443 | ads.stickyadstv.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| DE | 3.73.17.159:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| FR | 5.196.111.73:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 218.123.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.17.73.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.77.210.83:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| IE | 18.203.27.132:443 | ap.lijit.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 18.239.208.71:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 83.210.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.27.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 18.239.208.71:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 71.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | slack.com | udp |
| GB | 18.169.61.189:443 | slack.com | tcp |
| US | 8.8.8.8:53 | d34u8crftukxnk.cloudfront.net | udp |
| US | 8.8.8.8:53 | a.slack-edge.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | reveal.clearbit.com | udp |
| US | 18.239.190.42:443 | d34u8crftukxnk.cloudfront.net | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| GB | 18.134.250.23:443 | reveal.clearbit.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 189.61.169.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.250.134.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.208.239.18.in-addr.arpa | udp |
| US | 18.239.208.126:443 | a.slack-edge.com | tcp |
| US | 8.8.8.8:53 | a11179690159.cdn.optimizely.com | udp |
| US | 8.8.8.8:53 | cdn3.optimizely.com | udp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| GB | 104.84.92.152:443 | a11179690159.cdn.optimizely.com | tcp |
| GB | 23.64.33.30:443 | cdn3.optimizely.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| NL | 18.238.243.68:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 152.92.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.33.64.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logx.optimizely.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube-nocookie.com | udp |
| GB | 216.58.212.238:443 | www.youtube-nocookie.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.238:443 | www.youtube-nocookie.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.schemaapp.com | udp |
| US | 8.8.8.8:53 | www.mczbf.com | udp |
| NL | 18.239.50.86:443 | cdn.schemaapp.com | tcp |
| US | 18.239.208.90:443 | www.mczbf.com | tcp |
| US | 34.111.140.246:443 | logx.optimizely.com | tcp |
| US | 34.111.140.246:443 | logx.optimizely.com | tcp |
| US | 8.8.8.8:53 | data.schemaapp.com | udp |
| US | 18.239.208.90:443 | www.mczbf.com | tcp |
| US | 18.239.208.7:443 | data.schemaapp.com | tcp |
| NL | 18.239.50.86:443 | cdn.schemaapp.com | tcp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 6321597.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 6321597.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 86.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.140.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| GB | 216.58.204.70:443 | 6321597.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| DE | 3.73.17.159:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | t.pubmatic.com | udp |
| NL | 81.17.55.108:443 | ssbsync-global.smartadserver.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| NL | 193.3.178.3:443 | ads.us.e-planning.net | tcp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| GB | 2.23.160.20:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 3.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.23.2.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | udp |
| GB | 142.250.200.6:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | udp |
| GB | 142.250.187.226:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12632256.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| GB | 216.58.204.70:443 | 12632256.fls.doubleclick.net | udp |
| GB | 142.250.187.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.6:443 | s0.2mdn.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | udp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.187.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.212.238:443 | www.youtube-nocookie.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| GB | 142.250.180.10:443 | jnn-pa.googleapis.com | udp |
| US | 172.64.155.119:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | bakedmatela.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 8.8.8.8:53 | keewoolas.pw | udp |
| US | 8.8.8.8:53 | moskhoods.pw | udp |
| US | 8.8.8.8:53 | dayzilons.pw | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files