Analysis Overview
SHA256
e3b335a6210e3756c9dad7dfa16d7e2852a9674dd15e8c9b9c4f538cc7ed1014
Threat Level: Known bad
The file cb186d77def7fb80cf24a010111b3bfe.jpg was found to be: Known bad.
Malicious Activity Summary
Umbral
Detect Umbral payload
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Reads user/profile data of web browsers
Looks up external IP address via web service
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs ping.exe
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of AdjustPrivilegeToken
Views/modifies file attributes
Suspicious use of FindShellTrayWindow
Detects videocard installed
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 17:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 17:20
Reported
2024-06-16 17:51
Platform
win7-20240611-en
Max time kernel
1113s
Max time network
1760s
Signatures
Detect Umbral payload
Umbral
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\Downloads\Umbral.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\Downloads\Umbral.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Umbral.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Umbral.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cb186d77def7fb80cf24a010111b3bfe.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c99758,0x7fef6c99768,0x7fef6c99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1328 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2828 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2540 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3704 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2544 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=540 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1652 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2784 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4308 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4348 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4420 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Users\Admin\Downloads\Umbral.exe
"C:\Users\Admin\Downloads\Umbral.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\system32\attrib.exe
"attrib.exe" +h +s "C:\Users\Admin\Downloads\Umbral.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Umbral.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" os get Caption
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\System32\Wbem\wmic.exe
"wmic" path win32_VideoController get name
C:\Windows\system32\cmd.exe
"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\Umbral.exe" && pause
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "657208058670800963-1757765183-1076455550-135142755718765000941961705652813917237"
C:\Windows\system32\PING.EXE
ping localhost
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x58c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3908 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4504 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4048 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4224 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 --field-trial-handle=1296,i,6763850129403207607,8440245510156857639,131072 /prefetch:8
C:\Users\Admin\Downloads\Umbral.exe
"C:\Users\Admin\Downloads\Umbral.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\system32\attrib.exe
"attrib.exe" +h +s "C:\Users\Admin\Downloads\Umbral.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Umbral.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" os get Caption
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\System32\Wbem\wmic.exe
"wmic" path win32_VideoController get name
C:\Windows\system32\cmd.exe
"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\Umbral.exe" && pause
C:\Windows\system32\PING.EXE
ping localhost
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a93b31ec562f039a0c0352b13f8226 |
| SHA1 | 2746f3bb0dd2d0e89709587d7ee1a302f2f1bf11 |
| SHA256 | c0ac401007afc907f48e177ac68cf8cc29d6670581084a7998b05c88ddc31059 |
| SHA512 | 9d92f5fd2635ff682a869d3e2f512d9599db0b0f67cb2d039f83b183601571ac431b63e1b29ccbc5ed627ee7156ed700607c9004aa0b860b73074db4854abc5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 988faffe3803db639f860dac1cb7bee4 |
| SHA1 | 14fdba1ddffd7c255446532c893645bd257c40c3 |
| SHA256 | 22dfb1b36ed931d8caef7fa6bc89d2ab2518403685a5dac74ab436e4df8e0ac9 |
| SHA512 | 1909014e12f5d8c0046e740699ac3853e4d0033c45b73a5805bd89bfe2d57341aa7ac38428a3981435926154df6d9394ca7c91cab9e1b86f620447ec0f4468ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | dce15200afaf8990f6cd5d93a1a320f5 |
| SHA1 | fd62c000218b83ad74f2b39acdc563df63162ca6 |
| SHA256 | 5789acd028d7150494bc168e57335004d2d529899b32cdfe66ae6be1c13886c1 |
| SHA512 | 9ac6f77f4ccfc366ab4bb3f33acc200d09a52c1e69c4ace72028c7802abf6ff9257f42f6b8bffb598483d70f0534a3d51fb7b0e6d39d938a91a4aaef737fb33f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9be874bc0321cb35ae61048d7a93a6d6 |
| SHA1 | 89d9bb9aef8918502ac218b2dbb602a151a757eb |
| SHA256 | 4487bac4c0f2cf7e7e258d5e1efa10a7254481df6d059648547f769affcfa884 |
| SHA512 | 9422ce6ef83025be1dca1589e786ab6f335faef29f353413c53519ae7bdaa0034e7009562e26dc02e4aa8ba639d0a689b9291aa85e5dcf895fc2642093b26c6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6976b70e3c1512ca2d2f255af0f50ba2 |
| SHA1 | 93e11a6bec059ccd27c84fad6380224e6b6ea05d |
| SHA256 | f502fa11e9464a5595b2fbc9b90320499335e01817b0ae3bc50b2eac73f8c87e |
| SHA512 | ed73371e3e2210b0a30362ae645c20eb490ca08c0d083275bc11312696b59b2edf368cb2b74a56f83ced67dd5158640ea325f15c4172a91942a37942537c0354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e61ff91d69bbb893e59d61237663adb |
| SHA1 | 4d9151c1209bd2915d025cf53dab837f15f86238 |
| SHA256 | 68b5df153c6a752204e1df2b868908d9eb8034f7265c9cbb6019453e9ad537a7 |
| SHA512 | 1377d2192e329eec114ff53f36c317c1cc587d3823dfc311ec94a4f26d913731963e230d50c2d6e4589880cbe9366cdfa211c56c4fff27d68c68525b1d4b0941 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87d102d1ad876ba98d9772993dd88eee |
| SHA1 | af345ae599d53e0a2fc2c05c13c26d687d4a8695 |
| SHA256 | e3bc3b22974ead6cb6a57eb42376fb3adb8de939fef31b9704817ea4d9ce69f9 |
| SHA512 | 4723fff93c6d76727e8fbfad27d5363db9ab8ea740b740f8b582e216e4d666a217022fd335e10aa31626c011119a2d27aaf48b4b1248fa89192dd5cac7402d04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 776af465ab5712720aa3a31a771e2f91 |
| SHA1 | c8db61fe7da96b9ceeacd4cd19f4182c4bdf67ed |
| SHA256 | 3e498babd109b657c5d6503df57e16e7232b6f19bf45442136638ac771e02da0 |
| SHA512 | b2e420c0e5ea438b3f8a3d6503edb64137c8eb08671bae7c4c3ded12de6254738bddf78263f5479f00250e9d49a1d0da37c000d3524e545f43e7532a1745d32b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 523908842ec78fb748d3a057a76ca487 |
| SHA1 | e0046fddeb1c402ee49e643753881c3c80fbe7d9 |
| SHA256 | 536a00a709b4710b824de31c1a1d5779e43694a516a79cd02f9c6b744b998b28 |
| SHA512 | 0e4b3a7ba5be6733700e3c7e8420ae460b8f0d30c2dc465d091077254c47a58074aae7feb0196ad95f9801870ae047a51fc7f2fd18ebb8141413f86e984fedc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\Umbral.exe
| MD5 | 224637a1e182f5b76c93e023aaf59e1f |
| SHA1 | 9d5e8084253280167e347ec4c96ed8f97277d601 |
| SHA256 | 78fc07d2451da0497c54530bd1855650f7b710d066f4ea4643b67995da4dc235 |
| SHA512 | be478e8a29b187036fdacab7973471af5c55a76eb3a980a31e3f4757cbaea9c975db37be4464f06e72b7b75a86a8db335d5804c4afcc76e3f3a79ce5a1ac4cb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ed55151430afd37c208fb91335805c8a |
| SHA1 | ce7b4ac785c066f3e937dd16d57e7a91bf7d22fa |
| SHA256 | 05198eb9627179c2f91a0ff392263ee46bd3f3e1d4e5d0da56d6096bd3f75b12 |
| SHA512 | d882e40e1faa1b5f1754c83d94378bd221453c7d35273e1ec9cfac9aafdac3754891e61913ef3536542ae09e7811b4763bd05dd1ad840dcd21b0b08c0d363bfb |
memory/2496-1132-0x000007FEF35F3000-0x000007FEF35F4000-memory.dmp
memory/2496-1133-0x00000000000B0000-0x00000000000F0000-memory.dmp
memory/2496-1134-0x000007FEF35F0000-0x000007FEF3FDC000-memory.dmp
memory/1136-1218-0x000000001B6E0000-0x000000001B9C2000-memory.dmp
memory/1136-1219-0x00000000023A0000-0x00000000023A8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 0b1fadb583fe9a94881cb567807cc8bb |
| SHA1 | 099112531d0a4e6614a3b4305696fc81f7923e17 |
| SHA256 | ce8206fc45ce861f02030eb894c3adb4902482b1d30aa0d42ffe89d70bd82c15 |
| SHA512 | e718d2fd3b3b188a384e29b9f057c9c313aa67ca166a3ef8c667e973a03c7739bb2e0e86c62c6956d3685f3b22c1e4cab27a8a13571f67c80834dc53756dde68 |
memory/752-1225-0x000000001B730000-0x000000001BA12000-memory.dmp
memory/752-1226-0x0000000002790000-0x0000000002798000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | 577f27e6d74bd8c5b7b0371f2b1e991c |
| SHA1 | b334ccfe13792f82b698960cceaee2e690b85528 |
| SHA256 | 0ade9ef91b5283eceb17614dd47eb450a5a2a371c410232552ad80af4fbfd5f9 |
| SHA512 | 944b09b6b9d7c760b0c5add40efd9a25197c22e302c3c7e6d3f4837825ae9ee73e8438fc2c93e268da791f32deb70874799b8398ebae962a9fc51c980c7a5f5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | 5e79258169918dcea78e80613d2bcc56 |
| SHA1 | 352f2561aeb3b8b985d5ce176c5a9db83dd27024 |
| SHA256 | db532198623c240901528425dfb673940172cb10e9862518a6a170e38a89cadb |
| SHA512 | fbef0eb9df756919beea33eb7720520a597c9ad9a273232e73de5808a7843ec1fbb587557a3edd632c706aab83af1b4e4211cb412a43c3d0fe0cee0a5413c32f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log
| MD5 | 1c75fb6489d24a06602244107c4404f9 |
| SHA1 | 5fd4af90a56c734a02804ea25dc2f9659bba6013 |
| SHA256 | cffdfcfb8e8bb86f23722c0547580e973e766392a1bd7d95d3d21086158a0b39 |
| SHA512 | e4f262f8d7a70c925ab675df874ee22703f620aff4ae4dabfd8780a1beb643bbafe39dfd9adc75b4dfb9734fe361e83093f7fdfc3714469bd34cf896efc5feb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.log
| MD5 | 9d51a4fa355db4f615b16b3acba6900e |
| SHA1 | 57315dacd60a6e1e5073e67250d3428fda979874 |
| SHA256 | b9b81c31cac9310b9eebf1d6d714e79cee9430fd816df6e04aedc2d4d9059724 |
| SHA512 | a1b46df2aa18e0cc67db4eb51137280f76afd5827c7e835e2892d157d8059cf7bde541d19158de6c72f018e0977127ff0c1e4d92293945b0b912fb2979fbed44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 43b3c7fc105dfafd1387a459d8cabd80 |
| SHA1 | e543af7002b8e8181b88d80b60aa38184f41388d |
| SHA256 | 7daf8c8f40a537f7a68c65b930cd0186d5c9c22fe3f146bae490e160be8fc18b |
| SHA512 | 70e68a938728c69cabf5bb8fd48803a8f5486b1edcdda4abef4956357bfdf4d1490f8fd85a3969797290169fb28a7b3f0c9dba7df1e894aca9bae8bcc20320c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 20f84c53656886521a83a592cab97fae |
| SHA1 | 748406ef9afa1e198a1ae6fbffe33f34aa4b386e |
| SHA256 | aa73f30ab03a07192ae425f9be428198b6475abd1f7d0a1c3e79f2302dc3f341 |
| SHA512 | f063524b2e5f24bc3b8f6e881c0f1c222aa60aeeed112f9495cda70c6da16c7967225d5c79b69df8b9dad4e075f1fba7c1b2164f2d53cbb82ef54dbccff4ee38 |
memory/2496-1269-0x000007FEF35F0000-0x000007FEF3FDC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e47408e3b6dbbaf2d511681e90957e92 |
| SHA1 | e3ce4b2fe21ed3ff6ef10252ae6df17b52dcf700 |
| SHA256 | 1faf05854141f1d0560de46e4fce2604f889d5a0691fcc4f710d44bff4d393d0 |
| SHA512 | da13275b29511076fcee277006db883904025126896fb1d1cc7ec0457c684abae4596ce68151c70f1b2c48149c9b23ab3895e264c94be86d53381047cf67caf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a864b58cb61d5da6c3037bb19a374155 |
| SHA1 | 8ae69aa73ba2557801cad9a676daf0c10f0ad358 |
| SHA256 | 9e97f8cff562b7ce679b43c282674baa6ed4c9bbb60b96405fb52f5ff075e106 |
| SHA512 | 883d06558bf7275353c924d0e41d7d27165668c8821b8bf2da2617e74680155984c6f8f7ec2128ee91b30c0429d961323495e5e8c01ba8952adbb36caafbeffd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f56fa11e-dad0-4b2e-b946-f4aebec70c2d.tmp
| MD5 | b0b54fe58a8c8be8d0e230ad54daf077 |
| SHA1 | 5af6f11d41a84bb7cf0fbcf6898567c1f7e92b8f |
| SHA256 | 75fefadd4e6d9163ecf66ede8660ca33640f75236849c81eedec30764130bd26 |
| SHA512 | cbf05a597ee3995cf88a9d8b76896f19189f4997440b0cf86519f28b3ca47cd9e78c29e6f913f37ca3b7613cd5441d6109106b966c08c831bc8cf74370014e47 |
memory/484-1321-0x0000000000B00000-0x0000000000B40000-memory.dmp
memory/2252-1327-0x0000000001FD0000-0x0000000001FD8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.log
| MD5 | 34014cf6506afd329f9498da2fd3e7ae |
| SHA1 | ba38024153e3eb5222a60772c6c5a696d8beab1d |
| SHA256 | 5bb62106503dad059474d7b76957f6081c7f5c65b952079606a751f46cc577d7 |
| SHA512 | 3596bb07203fed62972902b316abacc8db424652e25794a1bbf6e92713526d5a0570e504d9a067dacd7ded5b069cfaa0f6a41809aff3382ed6e44e2b5cdcc73b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 5cc7c7c0c0f1daa732db133a3dd35a92 |
| SHA1 | 089d1dfa0220426121b227317ec9b50dda9a637c |
| SHA256 | 28aafbf8dc546a711f481771907734e545b70a6b2ae01585e54dd2ad2ac4433f |
| SHA512 | 2963fa56fe3aae9b7229d22deb464c9f6acadafbd13c892284125986233ca7b5115d5ecb32d91007d7c95f85ffa7dbbcccf1a1d3e5b9d80ffecdfcb30496193e |
memory/1688-1367-0x0000000001FC0000-0x0000000001FC8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3aef7e2ece5fd91513060a02defc2c63 |
| SHA1 | 9b5de5f0597a2a361a8713e6ea75ee5c1fc6a115 |
| SHA256 | a7205f015a9df840fa7a9a88854dda4a931d4acd5732cc8e104bf6d1b1e8df2a |
| SHA512 | d91c2dbb3baa443d7c66225cb7c5f1f4a152ff98e711b6174d2a457312a463fa67a7462569f9f7950e82fe62447836b19f60fce1f69a9f426962dfd32c279c6e |
Analysis: behavioral2
Detonation Overview
| Field | Value |
| --- | --- |
| Submitted | 2024-06-16 17:20 |
| Reported | 2024-06-16 17:54 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 1800s |
| Max time network | 1799s |
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630322785005281" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\cb186d77def7fb80cf24a010111b3bfe.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f529ab58,0x7ff9f529ab68,0x7ff9f529ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f28646f8,0x7ff9f2864708,0x7ff9f2864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4820 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4548 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4536 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3324 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f28646f8,0x7ff9f2864708,0x7ff9f2864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4136 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4452 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2520 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4172 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
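Most rows in the Network table above are repeated DNS lookups from the two browsers the sandbox launched, plus PTR queries for the resolver addresses. The script below is an added triage helper, not part of the report or of any sandbox vendor's tooling: it parses rows in the table's own layout, counts lookups per name, separates reverse lookups and non-DNS endpoints, and lists names whose registrable domain is outside an assumed baseline of browser telemetry domains. The baseline set and the sample rows (a constructed excerpt of the table) are illustration only; a name landing on the review list is a prompt for an analyst, not a verdict.

```python
"""Summarise a sandbox Network table: DNS lookups per name, reverse lookups,
non-DNS endpoints, and names outside a known-noise baseline.

Added example for this report; the BROWSER_NOISE baseline is an assumption
and must be tuned to your own sandbox image."""
import re
from collections import Counter

# Constructed excerpt of the report's Network table, same column layout:
# | Country | Destination | Domain | Proto |
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
"""

# Assumed baseline: registrable domains Chrome/Edge contact on their own in a
# clean VM. Anything outside this set is surfaced for review.
BROWSER_NOISE = {"google.com", "gvt2.com", "gvt3.com"}

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$"
)


def parse_rows(text):
    """Yield (country, destination, domain, proto); non-table lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            yield m.group("cc"), m.group("dst"), m.group("dom"), m.group("proto")


def registrable(name):
    """Crude registrable-domain helper: the last two labels. Good enough for the
    names in this report; use a public-suffix list for general input."""
    parts = name.rstrip(".").split(".")
    return ".".join(parts[-2:])


def summarise(text, noise=BROWSER_NOISE):
    """Bucket rows into forward DNS lookups, PTR lookups and other endpoints,
    and compute the list of forward names outside the noise baseline."""
    dns, reverse, other = Counter(), Counter(), []
    for _cc, dst, dom, proto in parse_rows(text):
        if dst.endswith(":53") and dom:
            if dom.endswith(".in-addr.arpa"):
                reverse[dom] += 1          # PTR lookup of a resolver address
            else:
                dns[dom] += 1
        else:
            other.append((dst, proto))      # mDNS, TLS endpoints, etc.
    review = sorted(d for d in dns if registrable(d) not in noise)
    return {"dns": dns, "reverse": reverse, "other": other, "review": review}


if __name__ == "__main__":
    s = summarise(SAMPLE_ROWS)
    for name, n in s["dns"].most_common():
        print(f"{n:3d}  {name}")
    print("reverse lookups:", dict(s["reverse"]))
    print("non-DNS endpoints:", s["other"])
    print("names to review:", s["review"])
```

Run against the full table the counts change but the structure does not: the review list collapses several hundred rows to the handful of names that are not attributable to the browsers' own background traffic.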
Files
\??\pipe\crashpad_4108_UUQYBJWFWHFCLQRX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 28aa220da146a3c1a38e29ce4dfa847b |
| SHA1 | 4672b1935907372223c47d47c2fdb7ef05ac2b0d |
| SHA256 | 367a283ef3660fe7696e083e8dc30981e8f4d85d5cb89a3fa3d6126ce0823287 |
| SHA512 | e8cf80fd9302192cad7ed838fdb756992388f78a3f6b3f3e2291742ff670e7b1c444f9c3d9c20e2c6606f573edb6516529d5fee3fe9e04bd3d3efe7609693695 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5215d3c2e77f5a1958e23a5e0124a155 |
| SHA1 | 8b6b6a51682a0f51a2b93fe5e7ff0bd30bc140a7 |
| SHA256 | 3d6035312117eeff435c7576b700637f603c369ae321c8d8b44e0c30697eb624 |
| SHA512 | c8d6ab34eadc57ec6c2de2abfe66d4c224e4d891f490fc32c80bea072a427b4987a6ac909c9b024e89fa8ade1881de26793a17b086cde66b99f6774552bf0ed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c80096372c416147931150a9ad96f1a6 |
| SHA1 | 4e9f99863e3c2890917ea94b2610c80caea794f7 |
| SHA256 | 1632ef1cac1a9fe75dbecaa694cc96793350cd6611d740eba84ddfb49eec79b9 |
| SHA512 | e66fc74272bd4db9b5f15b4b1cc2b4e6dedc213aa0270fccd45a53270e29b63f6a7b95399ce34562ee78efdf2485009680740038ce1a4b0a181cbd70f44f3d3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 223a38ad79524edd81d0ca4385872c5e |
| SHA1 | bb1221a5481ab11f73be272e628a3c54bc14b1a6 |
| SHA256 | 219cf00dd413a71b7cea592325429c0029375c142db0a0a3071e560abf223c61 |
| SHA512 | a4c277782ce8a74220e4a599f879b5fa12a4af6d908c3fff0341e499c960c2607aa1e79954b03c1e7cd7d1af575e89f10a874e6d134b048534f87bcd94754be5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5911007d0c6187ca6d4c0123336577dd |
| SHA1 | 16d26e95e26e0591ce2039a79443f8f899379ec1 |
| SHA256 | 53edc325c79e5af5b68b6d044891b0d503e0a0b90606a0f1757b835bcce9b3b6 |
| SHA512 | 25f38e73bb352f8d37cc37f5742ea72abc08bac4686168eabbb4e554ae789847b19aa467a23396c921abe734105b34525f50539f27bcd7f9667117bcccf8eca6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2f7722338db970e608c3de7fac0e491 |
| SHA1 | be4f23613db0373405c8e2535a9f77c8438589fd |
| SHA256 | 29e4097c84c409b3c33e2695273ced966aae4a33c6dff4d85c4b68264bd2437d |
| SHA512 | 8cd5beee5e4ad7484ae37fe158944cefac741cc047c4e95f47ddd010223275ff55a6e55448fd10e0809ab4a8eb51888e280afa03f0dcb9f6140205b9c916f888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 46d2d3490a7643ab07a4e87bc8e47b1e |
| SHA1 | b66e2470c0345d00f265b6754e98eaea8ece9d79 |
| SHA256 | 0fad9581d15c8137359b14eba0a400fed362bd1c091444ee39725a79f110e42b |
| SHA512 | e080d5664a664cfc33b3d8373d0f3b9e1087884b5194a47b26596999437bb113c5cf8d79dc38e46f99b5c8bff20e00454aecb4c071b347e7e843e0aad7ee4882 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | b96a3b0ade463c3e2bda82ac4512ee07 |
| SHA1 | 0a7661ad54a03d8d00d092227c709e2b52dd81f0 |
| SHA256 | 27ee10d60040ad815a821e44499c7a411ec63e11a776d175dc79da39202028a3 |
| SHA512 | fb4dd207dad2f144927907b20918efd5e1a0f506f1bed1d7b7ee28e4529eac73f93a058a4325a2f3d398c5f89320ed3afa118b55a22d4545b09c8ec731e4f90a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | c3c16b98f412ae795957a5794e55299a |
| SHA1 | 82111913b6fe40f1aee86e53625d8c3da3b26797 |
| SHA256 | 054c70eb618eea50d0ad08fbb396f1ae0b38e001841f9aa20cb5c610337bfc21 |
| SHA512 | 8f94b1ac4c8a6dde1ac0918613ea11c57d1c715cfd28c5b429d066275091f15bf499a2a7f7c17ad773efd7b5c6a5d224c0076e1ee984802e526e92c233f36259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363032299070398
| MD5 | 5c98b42d9ffe6667759cead2b8c9a887 |
| SHA1 | 4a5e0f328252d4545dac27f47d0a6ee369e70dde |
| SHA256 | 11130de310d5083f91eee7a2b59283db8589b629a5a7bb177e35c931528a822e |
| SHA512 | 2917dace49e4cee0c0a4d64f8e9f273c53272adde2c3a90784327268c4a47c3bf3c66ba416ee9c81ee9dce4ca1d1497f4aaab7fefc79c2d9645b02210f068b21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\841a6d4f-5dda-4472-8f87-64e633e24b97.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 388c4a4409c1f1db411af87af310ef5b |
| SHA1 | a49f576514a36a831def4284c7bc6a912db6065d |
| SHA256 | a276de5801832590e63349b68e9f5e7d6b45348e0ecf99d6825c004808c7d2c1 |
| SHA512 | d52037b79ebafa733ae809ac66aedc7f9a06ba877b3f34e89af14a298bac47a12effc1fbb60a31afe47d21eb3313a1e370838231c76448cf9535c6e59b60694d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 1225a7546bec8d79ecee4d6f8a5d61e5 |
| SHA1 | fc706426d61a87a28ec7b0f1e856a893ef5763ec |
| SHA256 | 46ea93e8ceba11af9afa9d389c8d61422929e008793c710ce46240f1df773f42 |
| SHA512 | 0d4b93e0e479fa9fab67997d33f803b723cee49d3caffe2f5e6803690e6899703b144f422c4d00f2504e0a15cc0e6566fb001ec70181745f2ecd0c8187956759 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | b65b45aa427ba0ede23b7f50db01ab04 |
| SHA1 | 7833786acf8c4531dad63175ffd5e60338e91ac8 |
| SHA256 | 0273bdb9640dff20880b8d754688ecb7c8febd30552ed7a118e673f20c2615f1 |
| SHA512 | fd52ce1d15bf34286fc292ec2ecea8220d70358423ca48fac043868f31ef2401a8a2313214bf7bf864d9cf67094051d0db6fbdb56f75f37e7b4e52ea63b370dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 1d2b96a1463ddd602c8d9e0437b95d50 |
| SHA1 | 326be281161efbd70dbb5f7d325ca5e15a3dcdea |
| SHA256 | c9463bc596246bf902c8e71e3c61533164dc60713173b251a850e0bda1e86bf4 |
| SHA512 | 7252c162abadaba585863762316c0d266ac680715ed983208ab960d6b8110be7a68c71f9e55a759614fdaf6ef34b1843540595c4553a6efbdb964a8678abae28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | bc89739d438948594e666c0aa92dd9b1 |
| SHA1 | 92149113d03ff51da6ff2bc56e3f463179369ac5 |
| SHA256 | cdc0a01dbe8a77600867f1bd10d7dfe3aeda590bc337cfb5aa37c5a2452413fd |
| SHA512 | ffb2ae132313249249309402bd329d7339f60e58581193bce8a41d33192a21f10cc6b29ff1f4206a980e2ee21e96e78c7b21c531084265efefa0592598c320b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 04cf245ee263ae5dae3821f20dab7ccc |
| SHA1 | 3e33dc8d99704104dd4b214e1f2fe5231a1608db |
| SHA256 | 2f8fbc0faebad9377d4fff837810797a570a8f429b4c6df1c2a21801d1e90548 |
| SHA512 | 4676e9172c392cbde8f7a40dfe51459e5e6668334cb3e02b5e3029767520294dcec296c6969a8bb5a13cee12c38c9e8a1ccd5142540a11952114671e1b45c01d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 220a83de364ef26905a0ffc50819232e |
| SHA1 | bd996e1f653b4233e483a36f45f075069578c4ea |
| SHA256 | 851753bdfa4be19c786f7ece4c392b4504ffc35a3f61440ea2e1e33ee4742d7e |
| SHA512 | 1ab070fb3b5b1472476449957b1e93b5eec46e77263c8049d22b2395875d0958b52e5bb7f1ec1327f2b25a4c4ada2f8a179aaea85ca023e516a9f9c0cf93671b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 67c7e706eaea63b0f98e1780f88f2578 |
| SHA1 | 08443506b7032761f6242b1135900278e2dcc0bb |
| SHA256 | 0e170e3b1bc2cb379778c92d227223c05dbcbc22b0165262be7ed95800ce10fd |
| SHA512 | ea591b648f80e28114f01e9572dcf50aa58cfc49d9d4fbdf1716f853f2bc52229f1dc9d42d33d078561901660855432f3b6f2b6fc5e34b66253a5e6c0f3e678d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 3fcc8c82d7a989e93de644ce0a02156e |
| SHA1 | 49ecb5b5b02b66d2759c08ca682b3028d11d3a26 |
| SHA256 | 96629d970d42a3b9c6d1114ddd04c47054989e21a147af542712d5903573f824 |
| SHA512 | b36ff664e338d0f16b5ab6b31282f818e1e3cf7fd5ef044a23e176761a8a573fab87c7b9c7b4d0abb93de9753b9f0688ca8f41f70cf2a96cffa90ebd8983b5f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 666e6cc42e8ad007968cf9f5c001adf0 |
| SHA1 | 8de26b29eae2cb93cc5aa7f8f17ad6d5cf4d29df |
| SHA256 | e2459bd784281a0a1c709570afe4ecfafc807dad5d7db6bfbc37f52dd06e8515 |
| SHA512 | e8351e5c37312f17c6b2302b65aeb1435d33d5b9645187f6c20162b897990b2c2d5b6cf6698092dfa0a7030d0b2488fe8b809a9366bac784063d4cd8525a9136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | faa927a038cf3a47d1a7bcf05aa11ff9 |
| SHA1 | ebfdf46167dd81c25c325be3e2442ee30d928438 |
| SHA256 | 0b3786d952977820345ac4958668c6178f133ba995abc6184d267cf780b0307a |
| SHA512 | 768f15f07f9c28ad30ebf40ba4a85efc535bc20524f86583bdf6a3f989d0aab6da95fdf3ce5a85157bceb7c5900ba945e3ff91fdee7197b4e58e68e42d23ef71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | ad84e95dac0c95008842224d82ae5e2d |
| SHA1 | 96f3e6ec7c21d4220ec978225c340f0ce76c1cde |
| SHA256 | aff81d9bb257d512306f99a205dfa3d95443a2d07013201fc2a4feb332e5ffb4 |
| SHA512 | 94bac3216441d64062e8583508b6471c0c6cfd8ac4d1d97e23f3d8418a5211d88446dfb0c372a3e574c4cc22e06d788e04cda87bcd506fe167b68c48dca67f4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 5bcc0000dc05ceb7b329d165aef1f61d |
| SHA1 | 8873ad94f1dc29f9a9f61a8902f1dda353483aeb |
| SHA256 | 67611afe89c6ceb12c19f7163dde7bc71f39de69a9f20695055bd96c38c56467 |
| SHA512 | e23fbd14acc429246b2cb701ef5bb7c446b7fd90436a32ecf34f9d149098f94138809007890394a7606c5ad1bd4218411705cca2ee56990e4ad449ac01fa73c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 07e98c80e1ca9fb9c864eab4f6aac18e |
| SHA1 | 09d099926e1b891c05b55c1de4bd32d36b356bee |
| SHA256 | 1cec42aea3cf5a87ba13dba5702352be97cd43fb01e6a46fe0e153318c801a47 |
| SHA512 | a413fb644d904006512dfa81538ac20e6b8bb9ee113cd456487ed977c2afde5e38a0bfc02ff2d43f3b66555594c8684715a6f11949bd52f7ab9dfe5aeeb3a1fd |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 8a3ab12cd47ac4a7b5430dfc1f58aab5 |
| SHA1 | 61c678fa3850973ded3ea7963e8b198955843e7d |
| SHA256 | af13fd5836df6d73f46d9010f224dd0dae4eefb66771ff67247db1ba285e29e9 |
| SHA512 | fa812ef060b71faa0923c401d76db5d4ebe617dcfe4223336c4802c57b1a263fa2120071ab1c4f6cd9f45a1931b25b0a07f34dc690d2169b1e7bf9c356ccb284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 767ec10689fe2feb734134e3429e2182 |
| SHA1 | e5536229a92676eefc722315db0b2bf922284a28 |
| SHA256 | be6cbdd3d329bfdc0651401f6b01f5be24980ab7cb6d39b28dcf01c66e1cc724 |
| SHA512 | ea0c477f0505654fbae96e74d42e995bd770b11fc08a27fa0a3fb124a199611dd67c7b6b69b40bff724c45d9691e0c7291482e511d91573bf99f20bd570ce299 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 1ac9e744574f723e217fb139ef1e86a9 |
| SHA1 | 4194dce485bd10f2a030d2499da5c796dd12630f |
| SHA256 | 4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e |
| SHA512 | b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | 913728da90cf90d8e78af59c60b47c3d |
| SHA1 | f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e |
| SHA256 | b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82 |
| SHA512 | 3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | b1569bcc17814a4236170f8b901c2e80 |
| SHA1 | 9d37b1727dabe180127d4449f654fe3beb819d46 |
| SHA256 | 12f03e58065c05f3112baf917ae88be9225dfe715f77ac610b890e8b8f0db13c |
| SHA512 | 837361330eb0722e2198d7269a93401dc59f1ee5ac8d9d27280fcbf949f9e267d437e500c8080bb627e29fd50f42cd746369121e986ebd6a1a50d107188b3f01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 5e3ac3a85ba3d36dae6c8fd50bddc290 |
| SHA1 | 96e763ec91f700e648a88619753ad5e518128fb3 |
| SHA256 | 4bc474942a0326ea96fc25c359ffbac92089a9bb4c724021dd59c5c8b16ef875 |
| SHA512 | e756a5f972f55d83d1dd59a29e763a77d1798f158dd39fe423999fc3a0dea898aed65df8b1ec4cc1ee023b63240851922199a1fdab41dc232696c6fc97ef2a8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363032298798398
| MD5 | e3bc4e62167c402ea8dd9855621a3318 |
| SHA1 | 8f8607464283fd14ba89e7ab179c196b885fe6ac |
| SHA256 | bf44263ef5cb6017618fa4b3da0b60363ac558252ace587a1ec655a171f5d77f |
| SHA512 | f92f7cd1bbf593842eb82145fffb86b3089ebf8fb351996e1c15077e6e54d0918a09f7ee48fe6d39c9ab5d1149ac7d28bc9640240a2294c5c6209e4e74b1991f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 235e0a949b5f8578afc1d888d15c45a3 |
| SHA1 | 165d5f669888d8df647f977a2819bbc04e0cac8b |
| SHA256 | f49ef2c56edf6b067fbdb183aa6f285625b6c2d1a8a73921c409fcdb06c6137c |
| SHA512 | 4d170338447d7d8e9e1ea64e3a9c2e98b69680e74da1b8ab105bfc8a497d52e97206f5e6128b04a893ca8cea96cf2bd2c7da8ef7d66511f547183d7fbb31f8d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
| MD5 | fe6a349bc30f3d8ac99d961ef08e4d96 |
| SHA1 | 11b3619a783755b09ae95c8080c161dc8cac5ed1 |
| SHA256 | 59c299c9bdabdaac88d42ac4dd8ef830b8e621ac62310fca38ac1d5b64c9af14 |
| SHA512 | 9abc1e92cfeadd7a3655fa10e643c083a2f58762afc7324665006876dde6732c3b7f784284f28e7ab5f42eb1075fdb35014a71651889a31b11a281ee84fbebba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
| MD5 | 22bf0e81636b1b45051b138f48b3d148 |
| SHA1 | 56755d203579ab356e5620ce7e85519ad69d614a |
| SHA256 | e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97 |
| SHA512 | a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
| MD5 | 2b432fef211c69c745aca86de4f8e4ab |
| SHA1 | 4b92da8d4c0188cf2409500adcd2200444a82fcc |
| SHA256 | 42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de |
| SHA512 | 948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a01c0416c4658fc1d66541efda0656b9 |
| SHA1 | 0e8284e09416eded93d2179f5c24c5ec131ed878 |
| SHA256 | df7e5522a73659ac73e9dff60dfd1a4d33634d3cc4709a82e0c04f124a8aeae4 |
| SHA512 | e260bc18385d64b4ea009f20153d7a3cd565f01b0e5d9244be2241b1d2243070ed48a2d1afbfe41619dd91455669f73aae46ba1910f953149880e69db1bf530c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87305f6817e764549f8a8ee1b741826e |
| SHA1 | 339e8cfe964d7aca018ba6707c6eec087c81607e |
| SHA256 | e24dfb78cb40e7654c3dbf17027aa10ae3a4efb00f4ceec326efd2d3947c3e0e |
| SHA512 | 4608d0dfc50bacf5ea775e6bf13bef05ff0f85bdad91187b8d6ae3b5abd0816ca7cef53113b714ae33f7dfe7ed67cd2c18a64dd422217e52f3ad79ae2be67792 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0d5cd7e69a710cbdbfc2ef696cf15b4c |
| SHA1 | 013e6265bbbd8ccb944c6f519a2507838981ce32 |
| SHA256 | 03ed8a147317e7021acf5eb89a1f0db026f8c7758cea6c50c4a365287e268874 |
| SHA512 | b4eb7872419d1291cdcea7ce9b80a6c9cd16a3df5a2c479f563461ee63390b825394f68d0753a068a93586cd3345a7ed68b15857166ddc0ae0689c93851dd43b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5b34fa332e05ca0ac04464cba7e0ce9a |
| SHA1 | f7d2ad475dd7e0919a2cf6762279993543f6a8fa |
| SHA256 | b09569e8bfb21c555219a5d3e9c5c220664d20228f02fc0b233901e5772649b3 |
| SHA512 | 89cac0eca626c7923ab1fe160b324daa13e48bdc497e9a62a5459e49cbd7624040e5812a6fceccbc147f3e58f94ba89472d91b30c5b5dd3faad31d49731ea4dd |