Analysis Overview
Threat Level: Known bad
The file https://app.mediafire.com/jjtzeom4qvvxb was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-09 22:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 22:07
Reported
2024-07-09 22:11
Platform
win10v2004-20240709-en
Max time kernel
238s
Max time network
240s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1628 set thread context of 3592 | N/A | C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2812 set thread context of 4864 | N/A | C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.mediafire.com/jjtzeom4qvvxb
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1c2846f8,0x7ffa1c284708,0x7ffa1c284718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7316 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4333254353574499280,17085101152661721473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\maizu_hack v1.4 (1).rar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\maizu hack v1.4\Read me.txt
C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe
"C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe
"C:\Users\Admin\Downloads\maizu hack v1.4\maizu hack v1.4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\maizu hack v1.4\version.dll
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 104.16.114.74:443 | app.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.71.125.74.in-addr.arpa | udp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 54.148.53.136:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.88.190.35.in-addr.arpa | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | 136.53.148.54.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| GB | 172.217.169.78:443 | translate.google.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 18.154.84.60:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.234:443 | translate.googleapis.com | tcp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| DE | 18.159.176.86:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.176.159.18.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| IE | 54.154.176.81:443 | bcp.crwdcntrl.net | tcp |
| IE | 108.128.111.241:443 | bcp.crwdcntrl.net | tcp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.176.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.111.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cc5fae0e2f0fa1e6e576c6ff5a3381c4.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | cc5fae0e2f0fa1e6e576c6ff5a3381c4.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.255.11:443 | cdn.prod.uidapi.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| GB | 23.36.168.202:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.255.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| FR | 185.235.86.103:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 185.235.87.198:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 103.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2267.mediafire.com | udp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.80:443 | woreppercomming.com | tcp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 8.8.8.8:53 | 8.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.227.165.18.in-addr.arpa | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.124.95.75:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.169.78:443 | www.googleoptimize.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 34.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.95.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| DE | 3.124.95.75:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| GB | 172.217.169.78:443 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| DE | 18.159.249.143:443 | btlr.sharethrough.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 143.249.159.18.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 3a39805db5c43285fec648ebecdae8a0.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| IE | 54.72.120.129:443 | ad.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.120.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 199.91.155.8:443 | download2267.mediafire.com | tcp |
| US | 8.8.8.8:53 | track.wargaming-aff.com | udp |
| NL | 35.204.100.195:443 | track.wargaming-aff.com | tcp |
| NL | 35.204.100.195:443 | track.wargaming-aff.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | track.wg-aff.com | udp |
| US | 8.8.8.8:53 | 195.100.204.35.in-addr.arpa | udp |
| NL | 35.204.130.99:443 | track.wg-aff.com | tcp |
| US | 8.8.8.8:53 | trck.wargaming.net | udp |
| LU | 92.223.23.231:443 | trck.wargaming.net | tcp |
| US | 8.8.8.8:53 | join.worldoftanks.eu | udp |
| LU | 92.223.51.163:443 | join.worldoftanks.eu | tcp |
| US | 8.8.8.8:53 | lms-static.wgcdn.co | udp |
| US | 8.8.8.8:53 | cdn2wotcom.gcdn.co | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| NL | 93.123.17.254:443 | cdn2wotcom.gcdn.co | tcp |
| US | 8.8.8.8:53 | 99.130.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.51.223.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.23.223.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.17.123.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | tenor.wargaming.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.210.14:443 | connect.facebook.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 14.210.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| LU | 92.223.21.23:443 | tenor.wargaming.net | tcp |
| US | 151.101.65.44:443 | cdn.taboola.com | tcp |
| LU | 92.223.21.23:443 | tenor.wargaming.net | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.21.223.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | bitchsafettyudjwu.shop | udp |
| US | 104.21.27.50:443 | bitchsafettyudjwu.shop | tcp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | bannngwko.shop | udp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 8.8.8.8:53 | 50.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | affecthorsedpo.shop | udp |
| US | 172.67.135.137:443 | affecthorsedpo.shop | tcp |
| US | 8.8.8.8:53 | radiationnopp.shop | udp |
| US | 172.67.196.169:443 | radiationnopp.shop | tcp |
| US | 8.8.8.8:53 | 52.214.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.47.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answerrsdo.shop | udp |
| US | 104.21.44.192:443 | answerrsdo.shop | tcp |
| US | 8.8.8.8:53 | publicitttyps.shop | udp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 8.8.8.8:53 | benchillppwo.shop | udp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | 137.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.25.21.104.in-addr.arpa | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | reinforcedirectorywd.shop | udp |
| US | 172.67.214.98:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | 128.81.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.214.67.172.in-addr.arpa | udp |
| US | 104.21.27.50:443 | bitchsafettyudjwu.shop | tcp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 172.67.135.137:443 | affecthorsedpo.shop | tcp |
| US | 172.67.196.169:443 | radiationnopp.shop | tcp |
| US | 104.21.44.192:443 | answerrsdo.shop | tcp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 172.67.214.98:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 10fa19df148444a77ceec60cabd2ce21 |
| SHA1 | 685b599c497668166ede4945d8885d204fd8d70f |
| SHA256 | c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b |
| SHA512 | 3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef |
\??\pipe\LOCAL\crashpad_3524_JTTEZKFLLKXNNQOI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 75c9f57baeefeecd6c184627de951c1e |
| SHA1 | 52e0468e13cbfc9f15fc62cc27ce14367a996cff |
| SHA256 | 648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f |
| SHA512 | c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b2421f8a865ea169ee159398292e0e3 |
| SHA1 | f3506c17a3a9976f135ab582b8c5b35b56d2c1ec |
| SHA256 | b9790d8b8bebad2c9ab64f05ef2b17ad156751a852f8c75b6fea0f0bd8eff166 |
| SHA512 | 6fddd2d39f6cb155bf919c4d4e62c85c4b0cc9621558db91be7651c0b3344f2496afca73f3fe397c93009696ce30c4b088f7756ddd9834ab2f588475e033178b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e674ec4da5f3b558cf7832512458863 |
| SHA1 | 8dd9e139dd996db746fc7147a224448941fa0153 |
| SHA256 | 6c9cabbe99f02349ed5b9c841d1fac8682af370b22845ace903adf450763687a |
| SHA512 | d742519d1923b5d0c02473232dff5b4353779e6119d28e3a0dc8a4ab4955beba14043aee3382abe60932cbc5a2682ae0e70b618727631c22440f469b98bf14ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb952012e4d12e31911b121fb8800d5d |
| SHA1 | 63459671cf6077a93a8aba8508bc38db29c6af01 |
| SHA256 | f02a8e25cb564991a7728133b164329561e591718e47026913acb0d83373b7a2 |
| SHA512 | 0a7af4497192dbb7d7b090edafa2674e300586ef24af8a7159b794036d8e8d2eb18a6bde1d2928ee49e0f75a67f0368154ff19226feba026404849d722b2d4f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc036c6e-6c7d-4c76-9240-2be21af6248e.tmp
| MD5 | c4481b29d5e95fea74ba5281ef375484 |
| SHA1 | fab2b26763919eff7abaf9e9c8366eb1ead5562a |
| SHA256 | 2913775d7bd7260d33c03d5f7716decafcabb1de477b623bad1703a2b10ad5af |
| SHA512 | 2bc59c25e8dc5c2f9e81d07ef59e1fc5529b9eae45ded554d360d14cc50df0f5abf94b94ccd7c7797fb86522093ddc092a4afe0dbbcca05d869e2da852cd0eb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8f6e232d486df0e607cde6c557bf38fa |
| SHA1 | d5614e987c5729e439ffbdb2ab937b5e442e1349 |
| SHA256 | d69698ed72d9be14843195e55c370d98846ccd64deb37cc8558f53deb775a0d8 |
| SHA512 | 5b3f54b4a93415e48f26aad0af0cf96595bb586e191453a79378a30187f72873f5dff716072a7a521acb5c543b56ae0871105738d185f451b7778dc5003a5044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f523ffbed76bb2b2bd06a215e5db59d5 |
| SHA1 | 0e970c38cb2c1b1346c9f9c8247d51e38df8df9e |
| SHA256 | eab94fce96d55ae0c5944a7ab9c8a420d0729f4b751d6e1af8361f1287485195 |
| SHA512 | b5f296758aae3454c7c78b9d67c96642f08e07dc5ee0765e64cf45afb7e0267b9a9916dd2a461c252aad4fecf901c74a1aaf53cabe5ef3adbc477d86188bbf67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 492c0bc2580bd993b32329aa55281716 |
| SHA1 | 083c9421f9865ed18388f536fc4f591bd4189f40 |
| SHA256 | b01dcd9e24c0c08818cd173688ccc34683195c78f26d329ee93e29132b107875 |
| SHA512 | 416d4d860848802de3929d2f087990e1be9ec846a08d01c72cf6ceab05474a120359c1360f29ea5bc50c7fa02c3e860f0c233449330029e6e16f0caa9d8e9898 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a041076cb004d25dda3e03e8f2d5f2ee |
| SHA1 | 25e7789f83b0bae3a9d9efd758b3e3125a75be95 |
| SHA256 | 9121919540b725f704951d671bc0132aa7f00fa048a27113451f8eedb2ece9cc |
| SHA512 | 25b305b6f30017be729a17b58398bdb3ce5b4933e5ac1c905e41a3e3d7094ff6262ee98e3b170c125528b14b9268ce14558994920bfdbdfe69fb9f1c5f8f146f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3bb4c6969c81e5a5ae06ffd54aada94f |
| SHA1 | da05472bf7406ba83233bd23090446865c57251c |
| SHA256 | 956521770d7e4b7a5bac8bdb50652822fceef0028337c2de72bf77a1a5e2c043 |
| SHA512 | c660a2626021b6e3a5bb74649e098df1f787365507d692d4af0c72b23c84769bc51c9eda96c7f9dff1d32bb5b4412ccaa9c35c3de8af7a3431afa4ef8b4144bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6cedff36908780e3615b03571a4410f7 |
| SHA1 | 23e18d91e0b217f7a490d5e627712ffe429227bc |
| SHA256 | 35c90197f930147ab3acd877153a78e6265de7f23f4e271fbeab0fb526ac0dea |
| SHA512 | 4da9713a595ba9e4f98388beb5748ba00d543311b71f97608c55d3f67bd5bba1cdcc2ee31f201bfb2f03aaf887cdaa5377dbe95d02cf08eeda66b0e43d539c27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c53e55caf4e2751d60aa9443688083e2 |
| SHA1 | 710c628af52731fd84c70347d4699abd7e3535d1 |
| SHA256 | c2293e18e890548e914d3521adc526b7c51aa6695413b9b4e4bba5b80fd7b19d |
| SHA512 | 9374b66ee0d69f39907365f9ad504b828da43650992be2a4793c2d39d9ec476a55b57038f06d753d1a6252b8a7d9e38022474b13a429c6e77f6b327f7704dd47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 569e124e15b3570e45e3468d27717483 |
| SHA1 | 025a63f5f65a3160d9091ec7e805fe353321a4ea |
| SHA256 | ca7511ff5b5f2dc4dcf696620132cf9b5341c8de72e16cfc4b8cc79b8883335d |
| SHA512 | f36e09ba11ac50be8bf25fa9eb24fa2b5ac3d1d3e46be3e2ab188c5fed508be435693a6dc567dafc68795e7c10a7e9191099b7456c89a6a94ba4044c74867c08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3444a8029d1e64fa29b8296af99066f2 |
| SHA1 | 1d9781cae5ebf8562102a07da92c14bfed885f86 |
| SHA256 | bdd65d2485f1b90ffd1c050988e3c0cf9f322a0e9f311d1c8820465d2133047e |
| SHA512 | de11aa3525dc771dd8365fdb82ebf8dbf9e9ffbab07da8500e3529c77734667f8f68c53da43786a3aedb839ec10a1647839845ae5bc076b97eb861bffeeb880c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14983b73ab2f5052ff8949b49dd6ea13 |
| SHA1 | 9f71f593047dd05abdb159bc9b88f1ffff9084cd |
| SHA256 | 1a9ca0265dfac157f259f233c84e783f31fda985b33351d4501bac311de385b5 |
| SHA512 | e2b6de8a539992623f1cd246a291c7b4b5ebad414a5ccb66dd68365f9f00ec3945dabb235ce1df33871a7460d7c3a50b94df1c24079bd8890c5c9d821c67a766 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | c807bf56b66b71c4418bd9a9242b0e02 |
| SHA1 | 1cc934a8c81c7638cdc45e4dffc260cd03752b31 |
| SHA256 | 6afbad53e39d9e02690339f82973ce008615118570b5a6c1e8a26e7529e92428 |
| SHA512 | 6d93c9f61b291a390fec35a3c696beef719bdac419c3550b73a9cabff7b88aada437a97c2e38cda3e178d27b7e012267a3fc8d5f900914258a193a5ca1a2fc71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 660c3b546f2a131de50b69b91f26c636 |
| SHA1 | 70f80e7f10e1dd9180efe191ce92d28296ec9035 |
| SHA256 | fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9 |
| SHA512 | 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | e4f37577a87aef08accc9a7b895bd8dd |
| SHA1 | 573f899c4d183a8e87aebe9f8e94ec64b133f360 |
| SHA256 | 643d12096550ed5a404662c3e22684c50af641219fbe3612699ff21698b28685 |
| SHA512 | 03328678e46ad14dbfa9b8feaee1c8d50ba859a943acc0106cd204fa59f99fb060df49611a79b293d16dda838f3710ceebdefbd9106e9f2459607a46dd97ab2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 165f5abbb6751bfaa1033c04ffdfabdf |
| SHA1 | 76967d5b73be37cf579d4dd84949c5e1db182569 |
| SHA256 | ad80bece4f1116d03890dd4d33fdf847235380478f6a4b0cb51ae516ed75761c |
| SHA512 | 802e898b7321f3fac838c058090d3a60b216cb8b8d26dbfb5949a954ac777d4bec225f9de6dea58df4b7b452b5e96ba94823041741cb6053a9963e95f7bb7d26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 80ce935486b82cd30af7140b97bacfce |
| SHA1 | fbcbd884e471b90980ccda594e0e415c8cfbdd79 |
| SHA256 | b4ffc8603e031d9d2713d2791901f252b30f1b02e2e33eeca3109fecab714c58 |
| SHA512 | a8eee1331e30360b78bc5e1ea24254ac7821275b7c8ba08f73e52e9c6668d97bf19b395014cc135f20a72745844613dc53e36158be1a26eb70b30ab4ae02ee89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 89e211be131c280d1516039cf68b9916 |
| SHA1 | 2283208127262906130dc96f0956cab410227ec9 |
| SHA256 | a9a45bfa6df3b4f625bb0e0cacc7742233b54f1b46c9e389301a167cf2ed079a |
| SHA512 | 668e5d854db892144684a0b1748ddda6fb097e37a0e8e09833a4a8d860c342f9fb8541791ad353fb4be1ae5fd3ebb25ac13e1091205cd34b1dd78c6830dc1552 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0
| MD5 | 98450e3e5e5466ec591090cdabb40a38 |
| SHA1 | 273cdde62303725b4e5a66379de0335c76eab5b6 |
| SHA256 | dd8afa99205dd815d5bed0c3f46ae5ec8d5166d3249c7bef0c70fb1add867b1d |
| SHA512 | 5fb3680b21cc584395e6813e4efde2fc39d956cc554911a7be43518519983448788dd54e9bdd9d2aea797f8f99bf3c10bff67c91710088e3c90e209632e355d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 90b24a47e986e581a2d77166916056c7 |
| SHA1 | badc6f8400278c90109e72e95727b579802c52b4 |
| SHA256 | 29706de1ba3a2c0100f7b43476d3fdf7022316b2ce48c8287d58ca0e36ae2ee3 |
| SHA512 | 5565ed3c6ceb02d8b9c1e57505477a207f34b168792557312a29523bcab3313f85251dd55a781c3d4905ecfeab0c017bb22c814dec920eaa83e075ea38017c50 |
C:\Users\Admin\Downloads\ec411196-7079-4020-b2fb-5b26cb5c7d20.tmp
| MD5 | 3ade4a7a22ed836d81142c1011e638d3 |
| SHA1 | 0fdd23a746e782e16ec57fe68539ec5a5c363811 |
| SHA256 | b1ffb2187dbfd9a5389d741590aeac769dfdb7046eb84092fbf75e8d58062cec |
| SHA512 | 1334f5a97c95990bca0c28aecd5e5922759a55d1f9238c52064fdde93cbf5a387ea759fe673a05bf894a2e4f3e9fef97f03b96616bf3ec709a220f3aeafeb87c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 267ba1c03f02215a661d3bbf2ce6f0a9 |
| SHA1 | 4aa971d84437db793ff1a80fe63a4e377a69e4de |
| SHA256 | 1f3a8a561259f10902edb0e843c8cddef63f80bc2bca9b3ee7ddd528ebab3266 |
| SHA512 | 3db052249115e2505ab372cb6b8f46dcf2d4483a2349d1117e3663d15700cf5854adde41df2a81246d55ea754987ee0237d57ca7957cf3f253fefab3b7a8e87b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 53a0b7bdc87d8d82ba770a6199739aa2 |
| SHA1 | 64ab3a01e9a997e2985900b950f7dd8ae904dc4f |
| SHA256 | f6dabd45b7cee0b5581f2769ce3575fb51bb9ac34e0ade2134d0b88a49c6b1aa |
| SHA512 | dd106fbf4a6f1d1ed1eec39df61c0f67ea9aaabe569e8a2ea7ae471f2aa1afe6e18102fe465d6e1634ecb3cf19ce2ad2acfa01b67fdf0234f3ac11f1459531eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d9b4bddb3c8d5caec4ddd3e33d97dd3f |
| SHA1 | d1c0ddf3259bc8404fe5317bee509c87ef8736c5 |
| SHA256 | 0de1f71bd141e3830b8ba4112139da780e470e4c8e9f3c3f2b1e7cca4b97adc7 |
| SHA512 | b8b646262b6c2a87c83e29fa8bf8d36c53993c108019c2b409a3b3bee56e0009526be1243ced8cf3bc48d4170bf7ba072eb4597aa84a2511adc1a110098cc5d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 555e6565a7674ccaf22c826aa29f6d66 |
| SHA1 | b0c27ee8a03d36b99275f236b18d5ef709b5da16 |
| SHA256 | f3d5a914d814db1abeaa53d44937376b7adeac6366cd06c8347f12d7ea5944a2 |
| SHA512 | 7063f57c857a35acaa78ebd49ed878fd8ac53561833cc8a163e2183f30b2ec3593612ddbddbbc4314d9202ef020dcd40a648ed6a036cc5eabc7b659703543e24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 673d9eba11a507f4715440252bfa8d23 |
| SHA1 | 51ad94045bcb8b5ffa09e6d6de1002218b31c1a4 |
| SHA256 | 39f69ab4ce6f93033b637b09ed9f816721cdeb0869d92b75895047489e918a55 |
| SHA512 | 50bc67a6c6d93e9c394a6816ada2777080fa65493e1ca09b035b4c8199938e929d3c94d62453732e6ce82a6799dbe2fac4cffcc3475e64e81b01c67275a351ce |
C:\Users\Admin\Downloads\maizu hack v1.4\data\aim.dll
| MD5 | 34d2ae40522c8aca067172f3108d4bac |
| SHA1 | 0632a56c3d0fa2b6d46ec689c83c8a7465099012 |
| SHA256 | 0416210832c265bd2bad1319c65478194ec64789a7587cb35b51d1b4869586ed |
| SHA512 | 372639c3c4532b83d11988b6bc58f81e3a90b1dfd8da98f400e620fe9fe4eb8f2c7c2e3dc91708cd615b82e35374665c3601190091f4a597a553d5613b0f20ac |
C:\Users\Admin\Downloads\maizu hack v1.4\Read me.txt
| MD5 | 50f5f8213d683d87ef0f2b518f1f3441 |
| SHA1 | 1f2314548a89fc9d730f309c29f2a8c4a71c6b5e |
| SHA256 | 6e801521644c758a9c8c4e7834f5925d25f28cb1c94285c99163200d6627c37c |
| SHA512 | 98163d2392ad1a3c72d1df4ff9b2bc47ad4f5fbf10f784722e3149854a4977e8f26b99ef7ebd55290604d50ce362284f30416c959e214f5601a886d3adc6891b |
memory/3592-873-0x0000000000400000-0x0000000000451000-memory.dmp
memory/3592-874-0x0000000000400000-0x0000000000451000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7e3ddada1600a2e1f1c325884bd22ef5 |
| SHA1 | 58bb659da63a7b446d8463a2c9390dc4ef1939df |
| SHA256 | 3c72a39e2e6f4557338a69ff5e50062fd404c6577a0652b45cb8293c2bf5d193 |
| SHA512 | 66bb440ec634c9f304ee9a172d096c41514d21cb7d00ab93da71d2f19621e07dd278c2f92ca43fc7ad2c8ae175743b5fbb244ca71526cc010e18ce23ebf34c84 |
C:\Users\Admin\Downloads\maizu hack v1.4\version.dll
| MD5 | a5b8f7deff0734c7e985d2a756b22ff8 |
| SHA1 | 656f8fe90c2d59942171f1e081827b3d038c1414 |
| SHA256 | 9d86f442f65c177cf2a6e659c974ce81e16acaa2663c378c6c6052da8e9c3e6a |
| SHA512 | 404aa5fd2c6823fe71ff0c2b6dc341b64772b936645e69a805e67a4217f3fe1d73b398eae445f2e7745324f4ae6f23707f5258027fbe1ceb98947b59c44897f0 |