Analysis Overview
Threat Level: Likely malicious
The file https://waveexecutor.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks for any installed AV software in registry
Indicator Removal: File Deletion
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-24 12:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 12:14
Reported
2024-08-24 12:19
Platform
win11-20240802-en
Max time kernel
300s
Max time network
301s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Luau Language Server\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\LastUsername | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\Session | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\KasperskyLab\LastUsername = "ninja3280" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Checks installed software on the system
Indicator Removal: File Deletion
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{C1F4FB41-C5C0-423D-AB26-FF83DF290253} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\URL Protocol | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\URL Protocol | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\DefaultIcon | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox\shell\open\command | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\DefaultIcon | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell\open\command | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\roblox-player\shell | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 118286.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\whoami.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Luau Language Server\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.com
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\WaveInstaller.exe
"C:\Users\Admin\Downloads\WaveInstaller.exe"
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4824
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c del *
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\whoami.exe
whoami
C:\Windows\system32\WerFault.exe
werfault.exe
C:\Windows\system32\wininit.exe
wininit
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
Network
Files
| MD5 | 2cb16991a26dc803f43963bdc7571e3f |
| SHA1 | 12ad66a51b60eeaed199bc521800f7c763a3bc7b |
| SHA256 | c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646 |
| SHA512 | 4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
| MD5 | 521fb651c83453bf42d7432896040e5e |
| SHA1 | 8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9 |
| SHA256 | 630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70 |
| SHA512 | 8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\[email protected]
| MD5 | 97788161324392fe1af78ff82b9c953b |
| SHA1 | e9992beba9b73f7a03e7426dbf12fdd219633c4e |
| SHA256 | cf2c4273a398e58620f7f751ab9ccae36da95fbd39055184b4f3cc96393ebadc |
| SHA512 | 447fca7cd7249597403de54621bb53663f3e378fa043d439ef1abd4363775d28402c6670d4a06d23381073b7585b30661dbf9aea35eef66ea92c8a2501730266 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 55b64987636b9740ab1de7debd1f0b2f |
| SHA1 | 96f67222ce7d7748ec968e95a2f6495860f9d9c9 |
| SHA256 | f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc |
| SHA512 | 73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 83e9b7823c0a5c4c67a603a734233dec |
| SHA1 | 2eaf04ad636bf71afdf73b004d17d366ac6d333e |
| SHA256 | 3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067 |
| SHA512 | e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick2.png
| MD5 | a402aacac8be906bcc07d50669d32061 |
| SHA1 | 9d75c1afbe9fc482983978cae4c553aa32625640 |
| SHA256 | 62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102 |
| SHA512 | d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 499333dae156bb4c9e9309a4842be4c8 |
| SHA1 | d18c4c36bdb297208589dc93715560acaf761c3a |
| SHA256 | d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591 |
| SHA512 | 91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | e8c88cf5c5ef7ae5ddee2d0e8376b32f |
| SHA1 | 77f2a5b11436d247d1acc3bac8edffc99c496839 |
| SHA256 | 9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd |
| SHA512 | 32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick1.png
| MD5 | 2cbe38df9a03133ddf11a940c09b49cd |
| SHA1 | 6fb5c191ed8ce9495c66b90aaf53662bfe199846 |
| SHA256 | 0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517 |
| SHA512 | dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95cd7cd72f607a48441344856344fbf0 |
| SHA1 | d27b49c9f0085eae467867249074d0cbb6330891 |
| SHA256 | e7885b67def46b6942f204bbeacfb2ae7c95b8f45e635bb95cd3b92043f77be7 |
| SHA512 | 945894f1c88cab2924bab134640d582a03313cb8045348bd4a117b229bc01c0ab61a0e24df7aeed40191f1a65ecb62dd840edc5a838be262f56db5678f508fd4 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
| MD5 | 3fec0191b36b9d9448a73ff1a937a1f7 |
| SHA1 | bee7d28204245e3088689ac08da18b43eae531ba |
| SHA256 | 1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89 |
| SHA512 | a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
| MD5 | 4f8f43c5d5c2895640ed4fdca39737d5 |
| SHA1 | fb46095bdfcab74d61e1171632c25f783ef495fa |
| SHA256 | fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1 |
| SHA512 | 7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
| MD5 | 81ce54dfd6605840a1bd2f9b0b3f807d |
| SHA1 | 4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c |
| SHA256 | 0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386 |
| SHA512 | 57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\sounds\ouch.ogg
| MD5 | 9404c52d6f311da02d65d4320bfebb59 |
| SHA1 | 0b5b5c2e7c631894953d5828fec06bdf6adba55f |
| SHA256 | c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317 |
| SHA512 | 22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4 |
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json
| MD5 | 636492f4af87f25c20bd34a731007d86 |
| SHA1 | 22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a |
| SHA256 | 22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d |
| SHA512 | cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 485db4563466037a2c7a303dc01d3f18 |
| SHA1 | 54c04a1676a4a9dde678711b2af9636a3be40f4c |
| SHA256 | bf2bbde94f3f18580145c46a5cd23b78b6e0580266ba2398d63941bdddb0fec6 |
| SHA512 | e40497295c2592a239e9d98845270d551067669c2c36d5a3dd0c1df09ddbbd39e67d999dc88d3e64289d2a13da4c50d6978d4b76b725d37ab4f250a6b6ab1540 |
memory/4824-8137-0x00000000067C0000-0x00000000067C8000-memory.dmp
memory/4824-8138-0x0000000006840000-0x000000000684A000-memory.dmp
memory/4824-8139-0x0000000006940000-0x0000000006948000-memory.dmp
memory/4824-8140-0x00000000069A0000-0x00000000069C6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e9987d06e7f856850698b58d0de66f9c |
| SHA1 | 450084b216e7e7d7e943e411d2b80139e4f161a7 |
| SHA256 | 8ebe9d1f3d398fedac3e42f0d22a157edf85fdf8609a132d647bc592e3abc522 |
| SHA512 | 5eb5d47a10e9737588dc543246731774475fa13a58e741943280db428014444ab874331db67b4596cf7cab3fbc23630fc0da2a24f6816f33cc6e325e1a0ee73e |
memory/4824-8177-0x00000000069D0000-0x0000000006A08000-memory.dmp
memory/4824-8178-0x000000000E2E0000-0x000000000E80C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dbaefc7b08978844dfe34d7592154750 |
| SHA1 | efecbc9c4e1b3215654d94ef06124d84fe2bb936 |
| SHA256 | 949bf7e4c17162908ebe3b0af58f14e5e3fa5519fa2c2273266df85f4342f8db |
| SHA512 | 64dd87d352d3f8de9ffd0bb7548aa9187efc8a7cd1f97b8355d9b917c31f4146fb22a3861545bd35accb74836e108cad981b453a79c84089cd1083234c095417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8910e1fe9e344b73a6f7f768f0de1977 |
| SHA1 | f75e24c79a10662e78d708f87f1fc57eb79010b5 |
| SHA256 | f23d14cecb0d1615cdf69103c5abbcbf558cbdb3c7b2e75a27a91140c34f7e8c |
| SHA512 | 7d1c5b73f291961dcadd73516589c9a0cef63988ee0d4b6c807a1dcdd5e81c045b5cbcea97a2e569369734aa1d989a1f0efe2bce000c31db6d4b33f1b7a4e510 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 765039ba5cce56f3dbebe1a39cdff7dc |
| SHA1 | 65cca73e93b0278eb34eb4d3b33bf6ea2acbdb46 |
| SHA256 | 88447d173e7a083884b41bc398d0adb2b2b09a1bea91a1cc50bffd7169866ea1 |
| SHA512 | abcea250f29e7e778f7bbde5fe9b9baf001939ba1337e2e2b9138433e7ea282d5f0db078a93a735c6990c26a17aaee51c7fb059407c7c2d1adc7a30d50094ef1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0a68a70934a876926845b6287497ce27 |
| SHA1 | 727117a8f7515cf86c0072f80c28f17cd46f03fa |
| SHA256 | ac228fa24454bac447501dc8a0d9581a206ffd38d82e986c99f0c2d33382d14f |
| SHA512 | b8f4a6ec3bbe1cb3a34eead3ba4708984372491afe88e379906cf37072e4c97d2884184ffeb99d62693bb4791d1c724a7a73ffdcccfe942d6bc6f52a64837cc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 01a4edea8283b75f5c88130546e10994 |
| SHA1 | d438fa7c97919e06835d8e43885734f1c6c0a6e0 |
| SHA256 | f4b073df1db3966f6cf518cbd5f233aa3139e09948a466fae5b9af5c34795f94 |
| SHA512 | 7a0a22ac1bc653ba15cdebc817d5ffe7446362a082d235b43535949b394d16f53584fa852026b46592bac50f0b01e74c4a86ddee1da0ffa85ebf1b5bb9031c7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ad602adbb9115629cc0d117731dac46 |
| SHA1 | 3a58a48ebd309f98f71d1c5c5bb1464362a671d0 |
| SHA256 | 040e9c9c51b3d2dfd04229bdf47536be5ac58b65f96cbefcf274ff7165315f5e |
| SHA512 | dcbb5184f6d3b6e0ac3b1ec1cf2316023394d785d4215e6d41013ce7041073933a5d3be3229d730c7569bb043907b5937b6c2aa19b67099e886552e108e3dd39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ba9f008419cb3ac91b56c7ba8fe5e4a8 |
| SHA1 | d6e26b3795e188c73f68ed24df0432c944278431 |
| SHA256 | 19da200fe1f8410e6fcf18b71c0316c02fa3ca255734f920cd880baac690e2ed |
| SHA512 | 78803b8ac8ca963e49f57598bccd6fe9a2513face7113df781a58c329a81cfcc5b0e4c10d8855c09926e17ea9afe7727d8a614baaf73cbedeebe7f46592f808f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5097fbcba8a77175ebee8680522c7378 |
| SHA1 | a95e6991488be1b53014db89774dd9272b38a5f9 |
| SHA256 | e8eec7aa914e346860599fee91034d599cdda61b35e6965eca684317aceebd43 |
| SHA512 | b3448e1750316415b2fe8d7f5a96368f09fda9cf6a6ca3ed5acd09344c956bc3f924b63e5ef0755a633c7c81ea2b7f41e1bb4cd38e9fc22a3159946dfc007ade |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b08fcd279c5d061555440d8c0e7e916 |
| SHA1 | 06e6cfbef081ae65dab5198e34a65d707a3af247 |
| SHA256 | 6fd2f19de610069d6fd1ad4b1292a929514f8a2283c0c7804528a9f55056d83b |
| SHA512 | c12852d0374bf62eed66c89abab03a505c4a4b129395a27d2dc7530430bd65fa46c89ec4f3d998bf00d18799ba95d164040321e1ae550a1e9eeb22c1f446c990 |
memory/7952-8288-0x000002841E9F0000-0x000002841EA12000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wy2wfqft.dcf.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1c8b32d3d9faec609b423397bf707b5 |
| SHA1 | 6226a97c10a462a3175fe587c9bc324b020e756c |
| SHA256 | b2753a199dd2eac99223704b3436ed0d54b8357503e8b4995807fc1af0dd5500 |
| SHA512 | 77695663969c5eb1b958330cb9f565e8f40257fd6fa8836d240e011e0d1f95872c6dbe97a914029663b244b8a98024b31bdabdbd25f4d2581f2ddbd897039cd6 |
memory/7952-8298-0x000002841EF20000-0x000002841EF66000-memory.dmp