Analysis Overview
SHA256
66954378817928c48d4296a2b7bb60e7a899a5a18529b43cf35a64196e3ed754
Threat Level: Shows suspicious behavior
The file Luna Grabber Builder.exe shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unsigned PE
Detects Pyinstaller
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Detects videocard installed
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:33
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:33
Reported
2024-04-07 19:36
Platform
win7-20240221-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2144 wrote to memory of 1720 | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"
C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll
| MD5 | 53b1a9474ddc3a31adf72011dc8da780 |
| SHA1 | 36f476d318acca6a12d3625b02cb14ab19534db7 |
| SHA256 | 357e545f47b605682328566a8df692dc22e4ea2ab37686788c3416b3813addc7 |
| SHA512 | 290c070eaf324476bfda676fc547ee42479a239b11192b654604862d53de1f1752a2f1b212dc15b3a22787a6469d6ec22ced98b7bb7d5f7c618602bbd12b7881 |
memory/1720-104-0x000007FEF6090000-0x000007FEF667A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:33
Reported
2024-04-07 19:36
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luna Grabber Builder.exe | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luna Grabber Builder.exe | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{7D7A03A4-151B-44A2-9A89-98C5BE04CE91} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"
C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\System32\Wbem\wmic.exe
wmic cpu get Name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI27402\python311.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI27402\python3.DLL
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\win32api.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\pywin32_system32\pywintypes311.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\pywin32_system32\pythoncom311.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_asyncio.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_overlapped.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_sqlite3.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI27402\psutil\_psutil_windows.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\charset_normalizer\md.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\_cffi_backend.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_ecb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_cbc.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_ofb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_cfb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI27402\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\9f2xdur649\Minecraft\User Cache.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58da00.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT