Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-04 23:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 23:19
Reported
2024-07-04 23:23
Platform
win10v2004-20240704-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4108 set thread context of 3524 | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 1864 set thread context of 5752 | N/A | C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb11b246f8,0x7ffb11b24708,0x7ffb11b24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\qeUaxJCA3FO\" -ad -an -ai#7zMap16043:84:7zEvent32079
C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe
"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe
"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe
"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"
C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe
"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8364 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 216.58.213.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| FR | 13.249.9.41:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.203.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 44.240.76.145:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.200.42:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.76.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 74.125.71.156:443 | stats.g.doubleclick.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 172.217.169.46:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.219.188.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| FR | 18.155.129.56:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 34.251.46.222:443 | bcp.crwdcntrl.net | tcp |
| IE | 34.251.46.222:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.202.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.46.251.34.in-addr.arpa | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | b52936dd9f6ca4b3ada13af8c7133ddc.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| GB | 142.250.180.1:443 | b52936dd9f6ca4b3ada13af8c7133ddc.safeframe.googlesyndication.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| FR | 99.86.95.82:443 | cdn.prod.uidapi.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.95.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.165:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.225:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2281.mediafire.com | udp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 8.8.8.8:53 | sys.ctrackapp.com | udp |
| FR | 52.222.201.8:443 | sys.ctrackapp.com | tcp |
| FR | 52.222.201.8:443 | sys.ctrackapp.com | tcp |
| US | 8.8.8.8:53 | 22.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.donecperficiam.com | udp |
| FR | 52.222.149.118:443 | track.donecperficiam.com | tcp |
| FR | 52.222.149.118:443 | track.donecperficiam.com | tcp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| GB | 23.214.118.147:443 | go.etoro.com | tcp |
| GB | 23.214.118.147:443 | go.etoro.com | tcp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | 8.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.118.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.247.103.104.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | c0.adalyser.com | udp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| IE | 52.30.56.162:443 | c0.adalyser.com | tcp |
| US | 151.101.193.44:443 | cdn.taboola.com | tcp |
| GB | 199.232.56.157:443 | static.ads-twitter.com | tcp |
| FR | 18.245.175.102:443 | static.hotjar.com | tcp |
| NL | 20.50.88.233:443 | dc.services.visualstudio.com | tcp |
| GB | 2.18.109.60:443 | amplify.outbrain.com | tcp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.56.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| GB | 216.58.213.10:443 | translate-pa.googleapis.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| DE | 18.197.202.95:443 | btlr.sharethrough.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | c9a8e5bee569437ed37b067cd16d5417.safeframe.googlesyndication.com | udp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| FR | 18.155.129.32:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 172.67.141.135:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 52.59.173.9:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 135.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.169.46:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 9.173.59.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.143.214.23.in-addr.arpa | udp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| DE | 52.59.173.9:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | citizencenturygoodwk.shop | udp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 8.8.8.8:53 | 55.76.21.104.in-addr.arpa | udp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
| US | 104.21.76.55:443 | citizencenturygoodwk.shop | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f060e9a30a0dde4f5e3e80ae94cc7e8e |
| SHA1 | 3c0cc8c3a62c00d7210bb2c8f3748aec89009d17 |
| SHA256 | c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79 |
| SHA512 | af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6 |
\??\pipe\LOCAL\crashpad_3840_EQTYXSDAHCOTXOTO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a27d8876d0de41d0d8ddfdc4f6fd4b15 |
| SHA1 | 11f126f8b8bb7b63217f3525c20080f9e969eff3 |
| SHA256 | d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe |
| SHA512 | 8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e209ae22e2db9f4b7300c6e8468d307a |
| SHA1 | 6fd912a90ee949ce88ad871c12667912bb236926 |
| SHA256 | 3273ec59ec167f10bbe241bdb1da71f089418df214f122ab07ae8d5bd046ae93 |
| SHA512 | b3cf3a87456c0e6b8087bd2449067cf89f7d04fe3f23653e4537af5ec9a386860010a11a5cd2f299370cd6d84cfa50c869b1e861b5b355948c7edd0a74882b30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 35a06243a05b84d24aa24774b8637f9b |
| SHA1 | 3e027121ad78ad56a24d7b9b2ee3880bacb8338a |
| SHA256 | dd9d24f5dd91b0c92ce01833d9373ee6cd672279c96eb9736defa55e1ca6ce4b |
| SHA512 | 77b58d98a3f6d042cffb99c416d302fa27153dfb798d44ec20f9e1d590d81f6af8b3ae23c3877421279358c6222d97421f396eb6bd756a29225750059e4305ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a39eee674251c3878942b3267c78e32 |
| SHA1 | a5929a0bdcfd72b0a0ff1ca0c8e83698faf5e257 |
| SHA256 | cf1880ad75b9e8865daec754ac5cd3f066828cbf87f0a79ec0834fc4852cec24 |
| SHA512 | 854e1ccbbd548a7507f4927b6b29360ad8bb6ffd2f3eda52bc2e54b48322b5832f47e28a86741f233c4d7bfd7b666b743cd376ee56a788d3db3f30fc85c92fd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd04e5c56a3d008999699c7e6a489df0 |
| SHA1 | 6b50415e43418987a5028c025b214d4ec1293ba8 |
| SHA256 | fb6059393de12e04dec51c0af66badbb999cee253d205c33208e2f56d8a7bf90 |
| SHA512 | b6377b3cfed9db690bf3b521f36c333656aec0e5d1343e65648f656d39301bbace050ba25ca8e98222371fcfff58b53b9150234c3055b51d8f97940de4ed8b09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d43db16ffd507d1e86da7478b3b546d |
| SHA1 | afcbbd8e0b7f7a14fd20b42185155d42fae64efa |
| SHA256 | bcb3eca92dfb0827d301571f636a11cc7d072653f11904e1d984531b35756a8f |
| SHA512 | ddedd56cfd8830290318dbd530ff6a935dad5b364a5238a45920fbb3e58226376e59b8ba75d2b23f242b290f1366dc7b05de4c120ae66fc3b64c6813f03a0b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f368.TMP
| MD5 | fd3eda67fc7a1e07c1d7c972f25f02f0 |
| SHA1 | 9ae87061e2f1cf029adeabbe4b38629d172da910 |
| SHA256 | b60f4fab117a54978ee5d45182e8fc5576606f767d0f0f73c46f9b59cb5a1a00 |
| SHA512 | e9fc5f8af2800a3e57a50a1982c1056708bc98376b615e507f5ea468b7cad4acac0efda436383055049e9824bc6a4a0454a9713b022c1fd0fa97d31a6ca4051c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 663f1bbabbd9c1b41291421d89c3afbc |
| SHA1 | 5803cfd3c4fc0368d2c8d93d83184cb56e9c0277 |
| SHA256 | 2e386fa469cbaaa96b19416b7406d3bd73bb07a29094bb40266b20a6d5af8cbc |
| SHA512 | 132b387f8df106bded733e05d44507826bae01805ed898a1248d19398e1534e8055af582964d5e7715697f842cc34344dbc8bd208c023896342138da52944449 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38e505a9f0ad1fe16fc3037b5686d2eb |
| SHA1 | 8a81862b3028c67845e73907cfffb93f2506a2cb |
| SHA256 | a95ffc74d583185e95800dccf65111131653384d225e764a03a24f787baef105 |
| SHA512 | 11dd910dae3d4e46b8af96b68aa804dfdb4a1e1175219b64f069f99b79d8ab009e22fbf679eb6197ba5c79d8733c54fd821dce3cce4b98364e1f9501aa3c48d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 5949a3da6de26d5d430ea3ed50200cd1 |
| SHA1 | 4fd58b8e744d78b7d02953c703dd8ea8fe94a640 |
| SHA256 | b3e58783bc5da4c0d1f348c79d5d162dfa2632e448a687d0813ee198b40ad43c |
| SHA512 | 4fde77e6471a5592d58c58adab61add77a09feacca048f2b46b66037b658e6e21e89d4235024b47f6e737ed8be7917ef7fa1b5cf23169ba612eb9b220775bf7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 007655445477ca41dc64b996870e8092 |
| SHA1 | 46e1cd478232d4c87bc1beb2eaef19c232690f39 |
| SHA256 | 59d87f1d20661d767b69f2092c7837c8ecf06f55a2ea34a588216bf5f4966078 |
| SHA512 | 2cbdc1c58c02edfa95dea55f8f512fe09407d3d7d7f2ccc7baada5b34cb9f68f2468a73ed4620d9109e04c498fd64c4023699444e4ccbc3c5b3d3443a99ecb38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 660c3b546f2a131de50b69b91f26c636 |
| SHA1 | 70f80e7f10e1dd9180efe191ce92d28296ec9035 |
| SHA256 | fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9 |
| SHA512 | 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 42e99033124f94cd942d24e760a6b885 |
| SHA1 | 9dc8076ec901d16904a7301a04a0e417c56d2b11 |
| SHA256 | 974dc59f17476c2f5c1e172f8aa3f7ba8873785a651a7ac6e640d63e465714c1 |
| SHA512 | a67b65eb67c87980756837707f80e0c1699c86a8625686caa95438a2067292b06b39beed5af161061ec1844425af24bb168916bc7859d12ef7f3fde1661be785 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | da2d260116a68efcef921d4928c25f2c |
| SHA1 | af9f4a51e888052652ebeb5ab1a8907b936ca175 |
| SHA256 | 962ff5c288838e03222b1c8b94475fd2b9d97f013a83fd7ac2899d42d6f815e6 |
| SHA512 | d36b71a6ab0a35d329f744572124eae53aa401efa7298d0fe64abfa91e5bdcedb3b306377b9c8d4a040bca9dc1249a10e626b97e5ec5ab5cab1cb05e2cdf1979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 4833e31eab7953941b47560f75cb301a |
| SHA1 | e6a5c7375606e2b7e777203a778e9730c177c7c3 |
| SHA256 | 14b6e98af5e25c465a253bc9571700135bb587d3d2256e8ef53a07145138aea0 |
| SHA512 | 5df199a8c323173bd4001ca0876d29377b9badf5996956bae51a7319f56e68dffbe38eca6257abb008080c3d8ec1d4fd46eb8b5e0ca7abb599ed3a68fc852608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36e4cf2aa1a0a43fb25af7a85d5fad10 |
| SHA1 | ab8e31406f9c358f47168d70ba3b0aad4202cbaf |
| SHA256 | 9252e4ab03a8a827c0c769a9c6f4bd47a85cfce267c3c2073d94fab170703422 |
| SHA512 | 736d140aeb52ad0c78cbc0c615bff37dd90afddf572f2594480f7688e8ea812dbdfed753d6065c7b6a13651020c42d23bce96904c2d78eb6f8d2a2538e98b3c1 |
C:\Users\Admin\Downloads\bf1365ea-f852-41ce-9ad3-8e454719cbbb.tmp
| MD5 | afdf62af6d1bf814a73f7a38ed77089f |
| SHA1 | 0163d21e55c5378a2dff651b8a10cc2af24c5d55 |
| SHA256 | e69eee0b6f72252892be32e8e30e069ca712d773d2cb556f4c237faa2d941575 |
| SHA512 | 5afaf60b70b6af1f30ad2113425ec1bd9ecb4c2a4b40af8bbea3767bcf8642ed7003ce77147f56dd49fc5b18c2624476ec1c51c72b119c8df9e23cd0e8216274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e837bb55ebfee4eaf81d1cad3939bb1 |
| SHA1 | d53de9f070f8c5d86ee942097e789bdc9f9da416 |
| SHA256 | 7b08fa5607d125e3159589509efbc8e5bbf7cd8449adcb9eb1f8c54f9850c2d5 |
| SHA512 | c9234c10faa16ba68c851a42812a46f130e90d0c1cd09ce9092c454adeea654dd62408010664667210191258c5a5577518992e25aee8898c5dcf00c61227c759 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6b5699e2e02970b75eaa2efdace3670 |
| SHA1 | 39603246fb7c5d7bf72f9859e9519ff7a710ad63 |
| SHA256 | 82e68a580143e2fb898785bca0eba4035150ec267a4f80434aae02bbb7d7794d |
| SHA512 | 5943186fcbba6bf580694b2007f48ae6288703f2fdbf4e34a0a16676a1370af07a4756ebf303d8e83268bba3aa2cc3d9ea9d566263f585cf82bcf0e4146386ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3d8a760641f9a0fa8ba652d76979379d |
| SHA1 | 02c177d018b8079ff0423fcbb97492fe6c2dd211 |
| SHA256 | 2b3270d58e305695826e4630cef3cd70274dc1afaf16e81224c7a92a180458db |
| SHA512 | cdd74c2aba2cd2b2ddd1af8baadc2da9a1e0948cb63e021590e7731bec0c109c31f214d7e5c96ddc43656dd1b89b4ad249b86ccae4dadbea8ec9a5fba7c0049c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6dc1bcd0f6866d5677fa84da2a0efe20 |
| SHA1 | 2761e8eb2fe2d9fe10bbbb4ecc411108fa037aae |
| SHA256 | 383746040ad3bcb59e50b3268d51144d964250d7d684b334830f2eab264122a5 |
| SHA512 | 73d53aa0236308ad160c252391238a38143c11a92622a3e1b24a2065befa956df2511f0552a054513dfd3ef5ff01f67906706dbbd4bb50d802681f5aaff9f4e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bfed6a7e710f278e916adc2894f59405 |
| SHA1 | 66d36e14f5ee715e63ee1c85677a159ac19d3cdd |
| SHA256 | 4b2afd80a0624775ef5072810821bb7563322412738225290de1764de87311b5 |
| SHA512 | 871d25199a5a06275da24d2bb92209586eb7f1f3e2877acc66204f840988487400644c58c54465ae5cf6cce4a9e637679aa1b0bea72ee28ac321c1c2f7956949 |
C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe
| MD5 | b82c80a3ce9b5c44391d3f11307f8b8e |
| SHA1 | 7480059bc051383eaaf0d83b7f39d7c4989e4dea |
| SHA256 | ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f |
| SHA512 | c04bb5a116dfbe2599ce91e084888d5c051e831812ed75e7d0fd40373f0f0ade7701246a433cf5552b5b8b370155b95547f8165d7d38c76325124c7afbf431e2 |
memory/3524-803-0x0000000000660000-0x00000000006B6000-memory.dmp
memory/3524-805-0x0000000000660000-0x00000000006B6000-memory.dmp
memory/4108-804-0x00007FF6C3C50000-0x00007FF6C4365000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 6f7a27c50ffd001bd3651c24cc369335 |
| SHA1 | 2606a189ed1ccf87dc6050f18d521405b3a70aa4 |
| SHA256 | 98ab15905e7e241dec138289721c9f41681a38587966c5c79541564577f1d7eb |
| SHA512 | 5bb8483b17b4d36c47de27a3686f61b1ec0a4a83b3c9fe74df1557f31e37119504fd038932d158858f89d4e5ffa34d7459dcdedb6c94fda570ea7872152bbbb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
memory/5752-814-0x0000000000580000-0x00000000005D6000-memory.dmp
memory/5752-815-0x0000000000580000-0x00000000005D6000-memory.dmp
memory/1864-816-0x00007FF6C3C50000-0x00007FF6C4365000-memory.dmp