Analysis Overview
Threat Level: Known bad
The file http://fortnite hacks was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-18 07:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-18 07:20
Reported: 2024-09-18 07:24
Platform: win10v2004-20240802-en
Max time kernel: 211s
Max time network: 212s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 460 created 2604 | N/A | C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe | C:\Windows\system32\sihost.exe |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{58CAB6F0-62CC-408D-820A-396FD3A35EA5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite hacks
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14306691311737113061,3151814172761993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe
"C:\Users\Admin\Downloads\RG_Catalyst\launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe"
C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe
C:\Users\Admin\AppData\Local\Temp\6tEZGZEs2t.exe
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7eb9aa51h81f1h43d7h9015h647e3ab93fae
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe746446f8,0x7ffe74644708,0x7ffe74644718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12123340677068003006,11828206615422346874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12123340677068003006,11828206615422346874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
Network
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | events.newsroom.bi | udp |
| FR | 162.19.96.4:443 | events.newsroom.bi | tcp |
| FR | 162.19.96.4:443 | events.newsroom.bi | tcp |
| FR | 162.19.96.4:443 | events.newsroom.bi | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| BE | 74.125.133.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.96.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-q4fzen7l.googlevideo.com | udp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.140.194.173.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| US | 173.194.140.10:443 | rr5---sn-q4fzen7l.googlevideo.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.187.238:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.238:443 | youtube.com | tcp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| GB | 216.58.204.65:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6nsy.googlevideo.com | udp |
| NL | 172.217.132.102:443 | rr1---sn-5hne6nsy.googlevideo.com | tcp |
| NL | 172.217.132.102:443 | rr1---sn-5hne6nsy.googlevideo.com | udp |
| US | 8.8.8.8:53 | 102.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 172.217.169.65:443 | yt3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 104.17.112.233:443 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.112.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ucfd083461bf6c511ffc3c20b8d1.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | ucfd083461bf6c511ffc3c20b8d1.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.17.209.59:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 59.209.17.2.in-addr.arpa | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| GB | 142.250.187.206:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
Files