Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/m2y78v01hc7nu/ex-peng was found to be: Known bad.
Malicious Activity Summary
RedLine payload
RedLine
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Program crash
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-07-06 18:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 18:11
Reported
2024-07-06 18:17
Platform
win10v2004-20240704-en
Max time kernel
339s
Max time network
344s
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6076 set thread context of 4524 | N/A | C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| PID 5764 set thread context of 5752 | N/A | C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/m2y78v01hc7nu/ex-peng
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa648946f8,0x7ffa64894708,0x7ffa64894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6748 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,6257036418435057207,10292267709016686962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7864 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe
"C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe"
C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe
"C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake-2.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5708 -ip 5708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 1004
C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake.exe
"C:\Users\Admin\Downloads\brownmouse\brownmouse\crispylake.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Network
Files
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba4c9db4e1d246060d327be32429bc50 |
| SHA1 | a3480d96170c77db11a21ba85caa9ecd9dc429b6 |
| SHA256 | 0875a96452a25a1351ba1c3b1b17e24cbf9f842c745d3d2d499254f5cf07734a |
| SHA512 | f009d4e262db4fdc4cd36272bd9dd09929622d903867ebaf584a78059f2f19cac215917f9c117849e79acffa49bf4682d7bc147524c18b5102a3379da167319a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b2b850dd1c0b701dd60498807b7ed279 |
| SHA1 | 18674a07d8646d48ac35cace6279e797212e2785 |
| SHA256 | ef88b8c1d11c71fb1d85f6228f7bb4e49650ae098708324dfe65d9b438eb7dba |
| SHA512 | fb3d6f799e44b89a193775bcbb576dd10efcdd6dfb96b937d0ca23b3ec97bb0158dfd05fe9e7adb645b0a8e9c48907bc11d0c77b4f31d72f635f078984ea656c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd7a.TMP
| MD5 | 63ad4fae881db20ac79106d5511d02f4 |
| SHA1 | c81621f3abf239701ae1d4a4195df6251ba3e371 |
| SHA256 | 92d427c1c13ed01690a83bb2244b141d6e37c4c30be7076e2eb15079c449b624 |
| SHA512 | 215def4d9704e5f9a8055b98575d72becdda1e2b95f779f7085edd17c4ef04ce2d6ca256dfe47aa14c7551993c856e749dc5c250cf4521bfbe9e999444c80678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9e41cac6f45b159b1a7a50c59d4c5c7b |
| SHA1 | 075b5f6662d3afaa01572897863b4e33abc3550a |
| SHA256 | fc562feda2d8911605b29b4795bb54344253714f5a005604f7c6344324d9bffc |
| SHA512 | 9403fb78973d0c6e20655cb19df05a68c7820574b03092b350ff6ac337b2ed11b1cb85dd63fe1a7c8ebf9c35e01137eade6e649e1e4629cd873478b36b027441 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 615020fb8322670be2ad47dac51b6f1b |
| SHA1 | 1c467848abca134e2288cb7e94914ad98a1e2513 |
| SHA256 | 20f3032f1745915f7dec10ef6653849c6ad4ff23721bf2cbd8cdc41456a0967c |
| SHA512 | 8102c02776abfd8bb81e9ac4a18e50175e225ab6daa3ea81916c8ed673ebfcd1d32d3b8a0bb354c413e5e9f9c55507bafb3e0362db35cdd42e500186f652eda4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e3fd2eaac40ba619e177dd05a8d323f |
| SHA1 | daf9ffba01aea06c6e32a304e9362536a8b6f0e1 |
| SHA256 | 198fe24000a4acaaa03b7e42e31c146ccaabbd0752f29ca14e7f58e2190a645d |
| SHA512 | e1db90836d041337d067babf9c8790ed54c2f75d272b4b9d41f4c57693cde38c6ff048f72f3d4760b6a931e6a56b6bf168bb3bb636aaf0d5c8ab47558b9dd70f |
memory/6076-443-0x0000000000120000-0x00000000001B8000-memory.dmp
memory/6076-444-0x0000000004AA0000-0x0000000004AA6000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | 270a6ebd3e43dc56434536bb1ebac0fd |
| SHA1 | 4bdc90176c08cf369ab10640de61d1e34f642ab9 |
| SHA256 | cffb5d21ffd3a52b3099fb51fe14d2a4220e616a551e3c27f6e61f1fc1b623b6 |
| SHA512 | 1a10af2d9c6c2f8769e6b10b1abf6f0c9a8e857c5cbb58e1aa0f9c742fbc8483804f84cc292e8065bd27d7ec2d6e27bc77088f0173373077dd2acc6958796ea0 |
memory/4524-450-0x0000000000410000-0x0000000000460000-memory.dmp
memory/4524-452-0x0000000004F40000-0x00000000054E4000-memory.dmp
memory/4524-453-0x0000000004990000-0x0000000004A22000-memory.dmp
memory/4524-454-0x0000000004960000-0x000000000496A000-memory.dmp
memory/4524-455-0x0000000005B10000-0x0000000006128000-memory.dmp
memory/4524-456-0x0000000004D30000-0x0000000004E3A000-memory.dmp
memory/4524-457-0x0000000004AE0000-0x0000000004AF2000-memory.dmp
memory/4524-458-0x0000000004C60000-0x0000000004C9C000-memory.dmp
memory/4524-459-0x0000000004CA0000-0x0000000004CEC000-memory.dmp
memory/5764-460-0x0000000000E90000-0x0000000000F3E000-memory.dmp
memory/5764-461-0x0000000005720000-0x0000000005726000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | 404c16d69b0fe8b907bf852eb7f1b80b |
| SHA1 | 079a63d8efe3e8a6001caca2b2be8ec284e6710c |
| SHA256 | 90124b61ae2b59f4b5433e2ecd7287b0b0237f8265c18270b291cff1dd7746d4 |
| SHA512 | 8d490194b0efd9031f2e97069abf04f7676b923604f1c330857ebfcfa44ebc0b61092b03587aaeac2dd502f1e9c6da0e8d65f4f1e679f8778ac1fcffcf2ccf05 |
memory/5752-469-0x00000000007B0000-0x0000000000828000-memory.dmp
memory/5752-471-0x0000000008110000-0x0000000008176000-memory.dmp
memory/4524-472-0x0000000006400000-0x0000000006450000-memory.dmp
memory/5752-473-0x0000000008BF0000-0x0000000008C66000-memory.dmp
memory/5752-474-0x0000000008B70000-0x0000000008B8E000-memory.dmp
memory/5752-475-0x00000000096F0000-0x00000000098B2000-memory.dmp
memory/5752-476-0x0000000009DF0000-0x000000000A31C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 25d3691dda546c214faa9cedbce0ca81 |
| SHA1 | 892a49bc11daa391b6ec0f0d7bcfd4946f36669d |
| SHA256 | af67922ede49fcb14e9ce4c641f0fca121a7808820109541ef51773108c13ee8 |
| SHA512 | 456ba4895f1d306b8bb1adc16651cd9ed5e8008d149f7672b0ab33a363cad419a8034e2ef1441061511bd3b9acf1b7ba2dbc62221df8bf4b85b23b5970fd98c0 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
| MD5 | f57bf6e78035d7f9150292a466c1a82d |
| SHA1 | 58cce014a5e6a6c6d08f77b1de4ce48e31bc4331 |
| SHA256 | 25a36c129865722052d07b37daa985a3e4b64def94120b6343fb5a96d9026415 |
| SHA512 | fa240d2d26370589457780269bae17a883538f535e6e462cc1f969306522526faacd314d29e78f71902b799046e4395c86c34007d2cfee5090e01cd72150675f |