Analysis Overview
Threat Level: Known bad
The file https://mi-hack.com/cheat/fivem was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 14:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 14:33
Reported
2024-05-21 14:37
Platform
win10v2004-20240508-en
Max time kernel
230s
Max time network
231s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1988 set thread context of 7204 | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 7348 set thread context of 7812 | N/A | C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mi-hack.com/cheat/fivem
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KFlauncher\" -spe -an -ai#7zMap14482:82:7zEvent20263
C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe
"C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe
"C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
Network
| IE | 52.49.45.15:443 | bcp.crwdcntrl.net | tcp |
| IE | 34.255.81.198:443 | bcp.crwdcntrl.net | tcp |
| DK | 143.204.237.111:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.81.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.237.204.143.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| IE | 54.228.103.145:443 | ap.lijit.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 185.83.69.58:443 | ghb.adtelligent.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| DK | 143.204.247.175:443 | cdn.prod.uidapi.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| DK | 143.204.237.77:443 | hb.yellowblue.io | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| IE | 54.228.103.145:443 | ap.lijit.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 23.227.151.242:443 | ghb1.adtelligent.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 71431110aecf45281a2acfc1382481c6.safeframe.googlesyndication.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 172.217.169.65:443 | 71431110aecf45281a2acfc1382481c6.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.69.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.247.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.237.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.30.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.103.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.151.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.70:443 | gem.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.62:443 | ag.gbc.criteo.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download2362.mediafire.com | udp |
| US | 199.91.155.103:443 | download2362.mediafire.com | tcp |
| US | 199.91.155.103:443 | download2362.mediafire.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sys.ctrackapp.com | udp |
| DK | 143.204.237.69:443 | sys.ctrackapp.com | tcp |
| DK | 143.204.237.69:443 | sys.ctrackapp.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | track.donecperficiam.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| IE | 18.203.106.185:443 | ce.lijit.com | tcp |
| DK | 18.173.5.96:443 | track.donecperficiam.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| DK | 18.173.5.96:443 | track.donecperficiam.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| SE | 104.73.92.22:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | 103.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.237.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.106.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| DE | 52.29.4.131:443 | rtb.mfadsrvr.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| FR | 91.134.110.132:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DK | 143.204.237.52:443 | api-2-0.spot.im | tcp |
| IE | 52.214.140.212:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 50.31.142.223:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 2.17.251.37:443 | player.aniview.com | tcp |
| NL | 81.17.55.122:443 | ssbsync.smartadserver.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| GB | 216.58.212.194:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | 96.5.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.4.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.140.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.237.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| GB | 185.83.71.234:443 | sync.adtelligent.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| US | 50.31.142.223:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| BE | 2.21.18.175:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.146.53.134:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| DE | 52.29.4.131:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 54.90.213.12:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 52.50.65.213:443 | jadserve.postrelease.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.71.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.18.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.53.146.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.65.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.213.90.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| GB | 216.58.212.194:443 | cm.g.doubleclick.net | udp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| FR | 5.196.111.72:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.75.186.234:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | 72.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.186.75.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| DK | 37.157.6.237:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DK | 143.204.237.61:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.237.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | corruptioncrackywosp.shop | udp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 8.8.8.8:53 | 10.92.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | museumtespaceorsp.shop | udp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | buttockdecarderwiso.shop | udp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | 80.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | averageaattractiionsl.shop | udp |
| US | 172.67.220.163:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | femininiespywageg.shop | udp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 188.114.97.2:443 | stalfbaclcalorieeis.shop | tcp |
| US | 8.8.8.8:53 | 187.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 8.8.8.8:53 | 146.197.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.55.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 172.67.220.163:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 188.114.97.2:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
Files