Analysis Overview
SHA256
ef1854221606db0f677c86d8f841b178c1564d5f8015f0706322e74fb7d21d7b
Threat Level: Known bad
The file redirect was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
Suspicious use of NtCreateUserProcessOtherParentProcess
ZGRat
Reads user/profile data of web browsers
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Runs ping.exe
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
NTFS ADS
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-04 16:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-04 16:53
Reported
2024-05-04 16:55
Platform
win11-20240419-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5240 created 3308 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif | C:\Windows\Explorer.EXE |
ZGRat
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Executor Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Executor2024.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2bd3cb8,0x7ffca2bd3cc8,0x7ffca2bd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11024 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30797:86:7zEvent15112
C:\Users\Admin\Downloads\Executor Installer.exe
"C:\Users\Admin\Downloads\Executor Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Strategies Strategies.cmd & Strategies.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 55311775
C:\Windows\SysWOW64\findstr.exe
findstr /V "DEATHSINSTITUTIONSNGBUNCH" Precision
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Garlic + Designer + Rely + Boxed 55311775\g
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif
55311775\Agrees.pif 55311775\g
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6265651380950395256,12545848639653753388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4576 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.3:445 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 3.162.19.176:443 | cdn.amplitude.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.81.224.13.in-addr.arpa | udp |
| US | 34.209.159.134:443 | api.amplitude.com | tcp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 172.217.16.238:443 | translate.google.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.112.53.23.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 185.64.189.226:443 | ut.pubmatic.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| GB | 142.250.187.193:443 | 0bb247fd687c8a4fe414b6e4fc09c1c0.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| IE | 54.171.147.131:443 | ap.lijit.com | tcp |
| GB | 13.224.81.125:443 | hb.yellowblue.io | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.165.151.239:443 | cdn.prod.uidapi.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| GB | 13.224.81.88:443 | tags.crwdcntrl.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| IE | 52.30.206.92:443 | bcp.crwdcntrl.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 125.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.14.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 23.220.112.27:443 | hbx.media.net | tcp |
| US | 23.220.112.27:443 | hbx.media.net | tcp |
| GB | 216.58.212.226:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| FR | 154.54.250.150:443 | ads.stickyadstv.com | tcp |
| DE | 3.120.73.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 81.17.55.171:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| US | 199.91.155.9:443 | download2268.mediafire.com | tcp |
| US | 199.91.155.9:443 | download2268.mediafire.com | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| GB | 216.58.212.226:443 | googleads4.g.doubleclick.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| NL | 185.235.87.108:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.5:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| DK | 37.157.4.29:443 | cm.adform.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| IE | 54.194.207.82:443 | ce.lijit.com | tcp |
| ES | 212.36.83.246:443 | a.vidoomy.com | tcp |
| FR | 164.132.25.185:443 | rtb-csync.smartadserver.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| BE | 2.21.18.175:443 | eus.rubiconproject.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| FR | 5.135.209.100:443 | ssbsync.smartadserver.com | tcp |
| NL | 185.89.210.82:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| GB | 18.172.89.43:443 | api-2-0.spot.im | tcp |
| IE | 52.18.240.157:443 | match.prod.bidr.io | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| NL | 35.214.130.251:443 | csync.loopme.me | tcp |
| US | 54.158.42.6:443 | sync.srv.stackadapt.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 3.223.41.121:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 52.50.53.225:443 | jadserve.postrelease.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.130.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.240.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.42.158.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.53.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.41.223.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| NL | 35.214.130.251:443 | csync.loopme.me | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| FR | 178.32.197.56:443 | rtb-csync.smartadserver.com | tcp |
| DE | 52.29.52.215:443 | match.sharethrough.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| IE | 34.252.234.181:443 | ice.360yield.com | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| GB | 13.224.81.95:443 | s.ad.smaato.net | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.226:443 | ade.googlesyndication.com | udp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| NL | 109.107.157.17:15866 | tcp | |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| GB | 92.123.128.170:443 | tcp | |
| GB | 92.123.128.170:443 | tcp | |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| US | 20.189.173.14:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| GB | 216.58.212.226:443 | ade.googlesyndication.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bdf3e009c72d4fe1aa9a062e409d68f6 |
| SHA1 | 7c7cc29a19adb5aa0a44782bb644575340914474 |
| SHA256 | 8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc |
| SHA512 | 75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8 |
\??\pipe\LOCAL\crashpad_5060_KFUDDQWIAIWDKVOP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7c16971be0e6f1e01725260be0e299cd |
| SHA1 | e7dc1882a0fc68087a2d146b3a639ee7392ac5ed |
| SHA256 | b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0 |
| SHA512 | dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 796be39edd9d0f37c979f85205b53863 |
| SHA1 | 58f37b48f09b5041f0999ce70087905e662cb842 |
| SHA256 | 404610c9d89b983c7ff2c61f9d38b14a5315210fc3f9cbb1ae7cfad6abe74bc8 |
| SHA512 | 6cfaafb777755664226bc7cd8d2711dc31fb16a77ddce160bcec970b4231f87d1a749449cdce2625b1785ea1feb2fdaa81395c75418e07cf35354c06b8682b73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58106a0e9b69ef21ad66962bf3db9d1c |
| SHA1 | ba79c0a099762dba61c799a34ac80b734b5ae263 |
| SHA256 | 95572a471008bb8cf63bd1dc275c921179e37dd894e721ab3ea0502c2ef87f38 |
| SHA512 | 197839dad238577e237508766f45f258f50ac395e0059933cfe47388eeb5fc6eccb2e738ee96d38074584cfba448f2f7403d1a6bb70e6bc4a5463db74d634960 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 960f60e75d9b69f94d63a22cd2e210ac |
| SHA1 | ccaace28e74cf261e91325bd246ef3c3fc8bca27 |
| SHA256 | e7b37f66c2a6762f68bbe4f6b321d8072983e1ccf1b68c7435581938b5cd2806 |
| SHA512 | 910d4022b47af0b533d6b9d3602a86dfbfcda85123c0706b109ca33aaf53f18904864cd42aec355716301bcd6f992c30a75ff6620e4c5131e764511bcab942a7 |
C:\Users\Admin\Downloads\Executor2024.rar:Zone.Identifier
| MD5 | cfb4817033fb9183fcb0369b9bd192ac |
| SHA1 | e468fb77166d4ea8e22445c5ffff6d44e814c042 |
| SHA256 | 59f857f7b8948e5a8146c53eeaa11468eddffee329620ff2ee95e9dd14e4009d |
| SHA512 | 12213720d21faff84e4e2db58647dd05e759942756509461767bca81e48a41aa689429d8b03a3ca00bfbdd083d6d3cc7687f2fe43b49db381388a64998b94b83 |
C:\Users\Admin\Downloads\Executor2024.rar
| MD5 | 959d95511ab32d2b0443e6f9b5723e47 |
| SHA1 | 4ad372c71d7c80120cf701363faf2a23ae50d996 |
| SHA256 | 1c4562ddf99b0bc4b00e544b8be6eeb7dae4b23929fcc6c7c3551b99aca938a5 |
| SHA512 | 7da86add4fb75add470d36e1056911b3feeefc8ace71bb6823d709694ab8ef30945561b03389e822c73ae0041843e598b078bfbf257e1b02dfafea6be4866272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d6e649fcecdc328e2bcdb7061fd457a7 |
| SHA1 | e7289190b14e3df4064d198c179ce83bd70f5774 |
| SHA256 | e8956681adbe97bf587504362220db7d2a6028a09db0fe3713c22ef45618937e |
| SHA512 | 18902096ac070e1737709ce8e75fc3f66f2b8e68cef5d0920a56c681786696fec8653f2c58bc2084e86f99855b5270a0053e53ef87b658b6a58fa603ccdac4e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8dc8b1114ccf21252b71a686d3a1f3de |
| SHA1 | ae66fb7412d9c44c02329c7870af92d16e0dc207 |
| SHA256 | afc45b4987b10a660aa0720620943a4676865a642c99d5957bccc3ee0c8fe8d7 |
| SHA512 | c11d2adb8de9407ff559afddeeac19058f5eb9bd2b6939e3ff3f1f1cc29661cac2851482ef7e61fbe3b60c8beefc0c6e4816aafac927c2349452dc0113ad8920 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579664.TMP
| MD5 | 6f2437f63a1780360177184f6da6c502 |
| SHA1 | da677e44b0694ab9f4d421715b43d3276120df4b |
| SHA256 | 9b0780181513c74c930b7a8a71a6f76fe2c8116eaa9f4c2e4612d4e91e47c15d |
| SHA512 | d595762cf2fef80e25a10c99588bb7b0d91c8bc1c20080f5041ec8334590cb1e55b67426b35d26c2d6c7446978397184340693270d9b9be6f3c120f0ff5fa9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7649c5e1e4d098684434a9a824a98ff1 |
| SHA1 | 931e719d16b2c2666fb2cf9a93894765d0ba667e |
| SHA256 | 5357665194c508d04bfa4b5742df28b0076cf2f53adf62c8fd660b8e6bf312fd |
| SHA512 | fac1f86e739fb10599a81739fbea12f5551085705df8c2f9cfea520f5d56acb9f2b3b13472062cec4b6445216bdb65f0f66df9609d72039d2878060319223cab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35f92c8becc4c381bebfbc28ed122f10 |
| SHA1 | f164d88f7ac957a0d7f2ea6d4572cd28366106ec |
| SHA256 | c96e4971abe0358601ce5fd76db443aeb108d684f9d016c5f7b3baed3106fcc2 |
| SHA512 | 147998c24ec6bbeab819c082800affe393cd8b9f99aae7d820af35f63273c31c541f4d79e6f73d5463967f73b7347cd31bbe6137632be42dbdefc13112b618f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | e8c0d56a14c900bd28d936c6eafbbb35 |
| SHA1 | 014da87fac24abf750405bff3c4442ead6403d29 |
| SHA256 | 619f8a7e8f30c5566c5d1bc600f06a14dcb33cecb26dc3d8b734323ab29b436f |
| SHA512 | 19577e8d77e27a2c8f50a0cbd62b68b80f343fe827279e5ecbb7f2a9ff66957a3e3b98c37d42d58f0d6dc472f9c656a886430f2c0b566e75d6787f09c06c4085 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 23e27b25649876f27c181efdeadfc8d6 |
| SHA1 | 9863dad332964fb57e21f951be539fcfeafe7250 |
| SHA256 | 7b1e20c89858082755a93ed4511747464aff17b722a0a4d533e89784ab7b70fc |
| SHA512 | 683f3235691e33cbdee39172b211fa103361ec3c41a9b554834d41ad5ab079993b39bad9c5a5a743652bcea618ff3356c5287dc95817ce2a9d167c8e2a6ada75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 20e860534ffdbec7c0c24d0cd5ec4ea6 |
| SHA1 | c38edcb3924d96b8b77ec00e8ce87c4ef8b1005b |
| SHA256 | 6214b63bbf6f3cd501d7f0c74a7bbe7344131251b271e421a4e30a9e21fe7fbe |
| SHA512 | 6592a86e42ffb58278a63b92de48111bdb8002adf09c2f8c523017360bea859c042ed6edbe21e8972580bd7a15b7278e75d00e42435d6a27bf95f8c9da39a1db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Strategies
| MD5 | 9922b4c7b218d4c1965d5229d751acf0 |
| SHA1 | 29f1c3faf5b7d127f4fc6ff72d1f4ca2b8024ac0 |
| SHA256 | 052e971edbecb05d42e029bc98371679d759b9aff265195d1e83b98afd61374e |
| SHA512 | 0c9d15a5fdaf76f4fcad059fc240b19f11210e518376302418e909c81b0adf1a66f243f3793652146a033a1036ec543a465c7aff4d67dd6706f238a05cfd398c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Precision
| MD5 | 4c0ab90d7562974eff0a0c36be008c4a |
| SHA1 | 8c9876c26cfd3ea497576c7feb5945aa2dcbdcdb |
| SHA256 | c4f0f098ae7b11270ea13b4affed062d104cb47de0ea4eb73e68f3340c7aa29c |
| SHA512 | e6450d6589d9568213cbebf810eef660856ed14f29c10fb6baa0086258cf9189f65951b664300252b984b1092c69520a986e3d6be68c428503f984171670a1e6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kingdom
| MD5 | 47bfe377e6467488bbcd4f8a097555df |
| SHA1 | 4b853a58ed2099c209435efcbb2d899e8038e696 |
| SHA256 | 97f1422181308e7fc38618e2106486ed876a726da951260c3fc5a8f4c417478c |
| SHA512 | 04d5ec5b49ade373cd617b85bcb9a46260218567b86b937cab625611d6e5ab53f024a04f451c9789e12704587da745e8553d938dbee1c41030b81d59d33a086a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cons
| MD5 | 07f0c4eef51329fc5c1b9237a9434469 |
| SHA1 | e4fbf976129ee83c9895d88efec17da50f4f704f |
| SHA256 | 450e1633dcf220973cefd8bb6ba9cad0e3dcc9f1910e63cec0211cfe6202f6ec |
| SHA512 | 4c761974a5b1f4522768b10b302946a118afdd51b4f820a62f1533cfea6e1a5e5bbdec66a4412e2e931bcf875c7dcb4d7d70fcf963f513c7a9ffb1dba0fbcda6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pledge
| MD5 | 71105d28de31d3ad93dbc93c12002e8c |
| SHA1 | d9046bdeb0e063681b64fbbdb5719c10f896164e |
| SHA256 | 0a8e3a14e5acec2d226ab341c439bd6db66b095c2f7848e5f47b4c4e7ec15827 |
| SHA512 | c03a8b16eeb600c37017b285cc3cead86c5d1901f65e8f2ec0ec0b7e7f05649fe15b59ff619596dc08c5f7cea81fdca6250a0dd168740549949b3787b41716e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Follow
| MD5 | d44fb9455a83e2e823013e8923980b31 |
| SHA1 | c6401df5f68ff0948a1e304067aaa466e65cde84 |
| SHA256 | 8ed8ab83dc7993dcabf98b160dbdff4778727ccec62c5de4a0fb0f25b3cf3816 |
| SHA512 | 88a5e04cd13a83510f38a84a86912b2f4c2da97668f02e8bcb96aafd78aa73b9ce124f9675c6a3fc640e52aab06a43283dd74de8e5f9528bcc7070729f847684 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Garlic
| MD5 | 7d4e9ed463e3efdef49f420609cec62c |
| SHA1 | 5b46662f2942b3120df19a6d4fbc5b7f4ecee4cd |
| SHA256 | bafa87e1a23430d064d9a0296bf77f1a3e6a9832e5868fe85501fa6a957155db |
| SHA512 | 8de3eba1a6aafa2b57165edef0e3b74c6790f29b971cb89daf8688fca8fb09016a2c56cc5f3dde79834ba254dc47551fa3e247689324facc4d6a638a956408ba |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Designer
| MD5 | d9fc27cb9af1b176f9a4abe89686076f |
| SHA1 | b86a314e48892614ba178e890821f7a737152d40 |
| SHA256 | 8ee688a3d2adb673e07e89bda1c566f17a9af3d576a1d7d820866a225f1e7ae9 |
| SHA512 | ea1d57d1038ca9c32343680e1c294f2f3462d4e6e3ae0846dd3c7a1f2c4bb8c59a1acff0eed020c86787a860f84ce2fa9af7497782707652243a852eb5f34f08 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Rely
| MD5 | f02d4a1db8d9ba37ecfa89176188386d |
| SHA1 | 87cf88e47411e377003505aba23f2bd495dfc02a |
| SHA256 | 9e60a85385a456f9ac132abd11d7162304f0a216c4f639e5424236c5775cebd4 |
| SHA512 | d2485bd81ce0c6266e5d0935490ef2f5ca29a20832d0f2d1830a3f3782a0486802f34c003a15476c2ad78678ef4ffa73a9439bf3105ce458e5f0946fd67a95c0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Boxed
| MD5 | 2cdb98354e2c77801f32a736dbf19863 |
| SHA1 | 2b465e4e2299f7ca04d547f4565ca9c7b1e88eb5 |
| SHA256 | fb4c865fb50a1ba5625ba7abb7221c88a3269f2afac86108dec0ae05c2f28282 |
| SHA512 | 1e5d195823f825c8f31c613842c16ea179adfa1d55119e45b70e4386f1075e9303082372c087080d1ac5a1f33ec24e308eb59b7f121352d0aa26c7095a104ce6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\Agrees.pif
| MD5 | 6ee7ddebff0a2b78c7ac30f6e00d1d11 |
| SHA1 | f2f57024c7cc3f9ff5f999ee20c4f5c38bfc20a2 |
| SHA256 | 865347471135bb5459ad0e647e75a14ad91424b6f13a5c05d9ecd9183a8a1cf4 |
| SHA512 | 57d56de2bb882f491e633972003d7c6562ef2758c3731b913ff4d15379ada575062f4de2a48ca6d6d9241852a5b8a007f52792753fd8d8fee85b9a218714efd0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\g
| MD5 | ee34639bbbdc571f3a65bec1215e3afa |
| SHA1 | 1b96d5c9a925c50a78f01b0cac4ebed0c0fe21c7 |
| SHA256 | c7bb1b26952503ffe03a866ae42bd99b1db11fef35219008ae1995f8cdc65dc2 |
| SHA512 | 1a8c63c9ff49e6f5e633dcea9b4967958f64f00740c0b8320fd6b016362201d85336433d6c02a9f0af13cdae13b3a35868fff96f00dfd163b7c9f710468d2f8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a0c5a5c598f1542d8c156cc88701928f |
| SHA1 | 07c2e9e4a63cc53236036059ca0bec837f95d294 |
| SHA256 | 7961110b715da4d41b962f1877e80c8844a3b2f777bf6b4a372e5b3a49be5925 |
| SHA512 | f2d30a675773c634860eafe3e2606b645a86f1b052c7500fbc19b0e51c25adf7a3c2af14885ae6f775d409f9827cc7a4b0b51c53b64ed44afc139372539090ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5a77fd77bd36c709df445a059fab2530 |
| SHA1 | c1ca85a2c4b36dae1de093b29e739862258e1eba |
| SHA256 | 09acbce257a953c08ab11e7cf9982c7c82a135a826d95440365fd5a6aec98285 |
| SHA512 | eeb6b8d1216bd57a33eba65f4f75c853fc47ca43dcd360c7aee6d211280db1cf5745999a527a681f5d69dc61f29d476e64fb2d51beeb91e19545cbbb8700710b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c20d844b0b174c40_0
| MD5 | 2eca5bd77b0244c24d09d91067c83b05 |
| SHA1 | f1f75bbfdf5bd4e7c286cbd52c5849b9ca745254 |
| SHA256 | 52fc1d702f5249a01e05199b4de9d188ed7b6f14ce98f9795e82d0d111ceac1e |
| SHA512 | f3301848e59040c8c7b3dad40c567fe702d9a65f4390ff0672f80df98e693f9f24fe7eef0540a79480e809dcc6b6ac535852d34c92503f654532805ef5115803 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ba0168fe3a15167_0
| MD5 | b85c392b07d995369f975c0cc4468a40 |
| SHA1 | c390dec8bf5b6adb029bede0da77cf50534eeb32 |
| SHA256 | 9efe21377f545a505ead848d5a760c7174f94200bb8188f61a8570d90b54d521 |
| SHA512 | 43806ad11ede5956a214a908c7850087f90836bf378fe717c8484ef3683aa432f590a8e304c23b76c322f6298f0e555ade07f472a33d5de6e0b3085103bb7355 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\802f15c58efac90f_0
| MD5 | f6ff0336680731c3950e38637a65067a |
| SHA1 | d1afb00ed57edc533ed96c8991508130255fe216 |
| SHA256 | 5f8f8ae142f18be8cb194839ce33f9ef432bb0a5d918ae81251642cf4e382991 |
| SHA512 | 7b356bb2f4f17383a4dcff6dfa168da94bea0f5bdd4fe97b568424a71adddc5e306ac590b76240af37a88b5d1a5b32b135486bc5217b10a2d6c4ef36743d0d7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc1d50b37e662888_0
| MD5 | a6b29691e544ac93031844d2b377be7c |
| SHA1 | c6fc635ea8973f85db57c7114d82200cc066c551 |
| SHA256 | 3a761fd04d8c839d2df465cbd5db5bbc9adbddb739182ad7ba81471931b3a014 |
| SHA512 | 34a2da420849644f7575a52b729efc331d26e28fbd271a79d56dde5fcf4cf340f337c6565c5990bbd99418aa041bc190ef83c767c5090118312b5b9fabf953c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7635a1d39885c2d5_0
| MD5 | f7044162db2d1c59c71c72f67770d29d |
| SHA1 | ca4911499413645a76c2ef35d510065a2d872767 |
| SHA256 | 8ec1df46cfea6e06085d2a556e4df2b7c85a85b415316d7991d018ce0b90c558 |
| SHA512 | f759c88c0e1b673a002965750ffc748e1196b68aca8e8ec856608d5554cd4767124c9fa709b4418ebd4af0f3077a2645ab434d31de25b2fb2602eac82fdff657 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\751b15a431d66bdc_0
| MD5 | 214d7578117ed49a3081d09e1a03010c |
| SHA1 | e0d2eb32a62b939817d4ea2e7171e5b250214ba0 |
| SHA256 | 6038b9a81201a3b738cfc67c6ee5866cedd80cbd9273df141d66d50e068f2404 |
| SHA512 | a6d3054848839b8005898fe6587f3098d9b7a5d1c3c7e25fd8d369ef2b9f288354a299d4872b88c208df735783d5f0e31af17ff0a11e0cd9946abaa78422b722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1cd981e70c1d510f_0
| MD5 | 42aff308cb29bf7cf5649ceeb723d572 |
| SHA1 | 9bfb824dfcd51b5ea250428942352ab510f21ec6 |
| SHA256 | 35a59a1d3a278f60beebac35c22b177be7ba3c48c8ee9347e66e80cfe692b7e0 |
| SHA512 | 2bce9c3dd7da2e5c4160f12baa223b3087e2c48bc3717f40451792324cff2d85e45bb6f8f48ffb1003ee2b6772f294c7b3794d9fcf92e6c27ba1ee1909337ed8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6580e5aac6526afd5bbeab1d6f78f27c |
| SHA1 | 5dd444ce588e3c9e59bcdb2e096c4a088f91a2a2 |
| SHA256 | f13e551676770c5472be91128f8bcb83a8085d53f434668369f95765039e66cb |
| SHA512 | 5a763f7eec18dee1ca7882932b0feb0440787c6d11f935360602543cae4317a250ec319e8e924cd9831ae15b669ac1089b3862d092c545fc709c7d778f16a108 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 26a6bbd32703d627b19573df0da7bd25 |
| SHA1 | f2d93d0e9f7108d7089aa0d28e9b2f96cb5efd06 |
| SHA256 | 970e5cbaac1af78ccc92c6fb21522a129963d1ab78a5f7fff8599788243e8b07 |
| SHA512 | 7817a9b1ef0688c47d245891d5cd577544126ab2200b942f45a2508e4b52185d5b5d829b00a69025c35e06aea761759611834fd96549574ce92f65267c6aec61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8ea8b8fc2e14e6dc25afb338b72619a |
| SHA1 | 60bc21c77ed6bad0adaa69bb8c9b7874a327fd47 |
| SHA256 | 24a086f66a35303255c67549e662291ef7ea0214ac56aecded432ed8cab490d5 |
| SHA512 | 09ca221e8f3a52a28a3eb0567befe86ff6206c2e41242b6d58aafc1cf96c8fb9fd25702b390dae4a3a096e9719664f342214b6a80f077cda424d623f9bccdd1c |
memory/4284-571-0x0000000001020000-0x0000000001086000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\55311775\RegAsm.exe
| MD5 | 42ab6e035df99a43dbb879c86b620b91 |
| SHA1 | c6e116569d17d8142dbb217b1f8bfa95bc148c38 |
| SHA256 | 53195987d396986ebcb20425ac130e78ad308fdbd918f33f3fd92b99abda314b |
| SHA512 | 2e79de2d394ad33023d71611bb728b254aa4680b5a3a1ef5282b1155ddfaa2f3585c840a6700dfe0d1a276dac801298431f0187086d2e8f96b22f6c808fb97e5 |
memory/4284-574-0x0000000005C50000-0x00000000061F6000-memory.dmp
memory/4284-575-0x00000000056A0000-0x0000000005732000-memory.dmp
memory/4284-576-0x0000000005660000-0x000000000566A000-memory.dmp
memory/4284-577-0x0000000008CA0000-0x00000000092B8000-memory.dmp
memory/4284-578-0x0000000008810000-0x000000000891A000-memory.dmp
memory/4284-579-0x0000000008750000-0x0000000008762000-memory.dmp
memory/4284-580-0x00000000087B0000-0x00000000087EC000-memory.dmp
memory/4284-581-0x0000000008920000-0x000000000896C000-memory.dmp
memory/4284-582-0x0000000008AA0000-0x0000000008B06000-memory.dmp
memory/4284-583-0x0000000009440000-0x00000000094B6000-memory.dmp
memory/4284-584-0x0000000008C70000-0x0000000008C8E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | acad99e4f90b894d971825782b3a100c |
| SHA1 | 9d5f14920f5b9a27f9310a8bd3c66ba7a034b2f7 |
| SHA256 | e63a34e6c1e99d91df67861d15220d921e74af7ec5100a6088b9d8b1a9d139d5 |
| SHA512 | 830e1ef65b04462c4352d80db651071c56906da9e36dc016ccabe335e2353c6aa1a723764ef90a0330d1beb42abbe2e763666ca33ca7e884d390d6f73d6fc671 |
memory/4284-594-0x000000000A1E0000-0x000000000A3A2000-memory.dmp
memory/4284-595-0x000000000A8E0000-0x000000000AE0C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | e1ee87c8d9aa6ad37e4ab11578ece259 |
| SHA1 | ac418a9361d079ef5889de81bea86c651999e466 |
| SHA256 | c1f9f3e5f82d8f40bc3a789bf512cd193d0f28d987997cfced4f0a5cea2fe416 |
| SHA512 | 5371d8e8c7c4fa597cf56cbb44a3d1260d7ca352389d56893265683ffc69ba895847e3c99205393d3f592ef03febf0f5992816914d719b8e9bfd11374a9f75a9 |
C:\Users\Admin\AppData\Local\Temp\tmpBB7E.tmp
| MD5 | 14ccc9293153deacbb9a20ee8f6ff1b7 |
| SHA1 | 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3 |
| SHA256 | 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511 |
| SHA512 | 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765 |
C:\Users\Admin\AppData\Local\Temp\tmpBBDF.tmp
| MD5 | 87210e9e528a4ddb09c6b671937c79c6 |
| SHA1 | 3c75314714619f5b55e25769e0985d497f0062f2 |
| SHA256 | eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1 |
| SHA512 | f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8bfa7213df9b8abd48dd2d9c1ab0324 |
| SHA1 | bb10bc5c6ff6d0009c37e0c7b467d70704f63dd4 |
| SHA256 | c18b4febc6c97962edfdb2d5261bb2d863c17914fe406444f53a313704c28786 |
| SHA512 | ffe7599cbf4d95f45f05b8f556b7dc31abc3552cc7e74b98a2231a3d3d8cf2c81b54a297df97c4a5c314daa1eff6d15c74588dfc89d1758a16905ea95ce644aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5abc9e488ad0b2ede2b0823951b3ce68 |
| SHA1 | 6151fc9bac5dc4579a5f35ac0eaf3458f9d9f67b |
| SHA256 | acdc9b7c153215ef09ac565e7a934fdd67d309628084bc209fbd9d561306f891 |
| SHA512 | 4d9062ebd6d970e3d0f34ec27232911d594ffe4e92399850ada7a83f825774569a9d14274e90f078daf8feb62f7cb6ba7c3f14d7662631fee4cf310f6e65b19d |