Malware Analysis Report

2024-11-15 06:01

Sample ID 240918-h82fesyfra
Target http://fortnite hacks
Tags
redline credential_access discovery infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://fortnite hacks was found to be: Known bad.

Malicious Activity Summary

redline credential_access discovery infostealer spyware stealer

RedLine

RedLine payload

Credentials from Password Stores: Credentials from Web Browsers

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-18 07:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-18 07:25

Reported

2024-09-18 07:29

Platform

win10v2004-20240802-en

Max time kernel

233s

Max time network

240s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite hacks

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV1.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5932 set thread context of 2032 N/A C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV1.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4676 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 3248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite hacks

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3372 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4fc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6176 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7744 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,19203780435485552,13230500986260854095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PASS.txt

C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV1.exe

"C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV1.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV2.exe

"C:\Users\Admin\Downloads\AvalonAtomic\sloppyCatsV2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
GB 88.221.135.27:443 www.bing.com tcp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.206:80 www.youtube.com tcp
GB 142.250.187.206:80 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
BE 74.125.133.84:443 accounts.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.238:443 consent.youtube.com tcp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr4---sn-q4fl6nsy.googlevideo.com udp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 8.8.8.8:53 233.131.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 172.217.131.233:443 rr4---sn-q4fl6nsy.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
GB 216.58.212.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.204.65:443 yt3.ggpht.com tcp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
GB 216.58.204.65:443 yt3.ggpht.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 216.58.212.193:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 rr4---sn-5hne6nz6.googlevideo.com udp
NL 74.125.100.201:443 rr4---sn-5hne6nz6.googlevideo.com tcp
NL 74.125.100.201:443 rr4---sn-5hne6nz6.googlevideo.com udp
US 8.8.8.8:53 201.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.150.117:443 www.mediafire.com tcp
US 104.17.150.117:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 117.150.17.104.in-addr.arpa udp
GB 18.154.84.84:443 cdn.amplitude.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.221.16:443 connect.facebook.net tcp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.200.14:443 translate.google.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.88.38.117:443 api.amplitude.com tcp
US 8.8.8.8:53 8.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 216.58.204.74:443 translate.googleapis.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.179.227:443 www.google.co.uk tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 117.38.88.52.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.204.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 104.21.63.106:443 www.ezojs.com tcp
GB 142.250.200.14:443 translate.google.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 api.btloader.com udp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
IE 52.209.163.141:443 ad.crwdcntrl.net tcp
IE 54.229.75.199:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
GB 143.204.68.51:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 143.204.68.51:80 crt.rootg2.amazontrust.com tcp
GB 143.204.68.51:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 141.163.209.52.in-addr.arpa udp
US 8.8.8.8:53 199.75.229.54.in-addr.arpa udp
US 8.8.8.8:53 51.68.204.143.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
DE 141.95.98.65:443 id5-sync.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 18.245.252.28:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 c3.a-mo.net udp
US 8.8.8.8:53 oajs.openx.net udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
NL 79.127.227.46:443 c3.a-mo.net tcp
US 34.120.107.143:443 oajs.openx.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
GB 108.138.217.61:443 hb.yellowblue.io tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 28.252.245.18.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
DE 3.78.168.176:443 tlx.3lift.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
IE 54.170.214.71:443 ap.lijit.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
FR 163.5.194.37:443 prebid.a-mo.net tcp
US 8.8.8.8:53 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-if-v6exp3-v4.metric.gstatic.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 11847fa6e0bf008b2655ff67e98defd7.safeframe.googlesyndication.com udp
GB 216.58.201.97:443 11847fa6e0bf008b2655ff67e98defd7.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 61.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 71.214.170.54.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.159:443 gem.gbc.criteo.com tcp
NL 185.235.87.171:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.212.198:443 s0.2mdn.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 216.58.212.198:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 159.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 171.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 198.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.teads.tv udp
GB 2.18.109.35:443 sync.teads.tv tcp
US 34.98.64.218:443 us-u.openx.net udp
GB 2.18.109.35:443 sync.teads.tv tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
GB 18.164.68.60:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 35.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 60.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
US 8.8.8.8:53 download2267.mediafire.com udp
US 199.91.155.8:443 download2267.mediafire.com tcp
US 199.91.155.8:443 download2267.mediafire.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 sys.ctrackapp.com udp
GB 108.138.233.86:443 sys.ctrackapp.com tcp
GB 108.138.233.86:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 go.etoro.com udp
NL 104.109.249.151:443 go.etoro.com tcp
US 8.8.8.8:53 marketing.etorostatic.com udp
US 8.8.8.8:53 etoro-cdn.etorostatic.com udp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
US 8.8.8.8:53 151.249.109.104.in-addr.arpa udp
US 8.8.8.8:53 86.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 182.63.122.92.in-addr.arpa udp
US 8.8.8.8:53 api-gw.etoro.com udp
US 8.8.8.8:53 api.etoro.com udp
NL 52.233.200.252:443 api.etoro.com tcp
NL 52.233.200.252:443 api.etoro.com tcp
NL 52.233.200.252:443 api.etoro.com tcp
IE 13.69.176.12:443 api-gw.etoro.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 252.200.233.52.in-addr.arpa udp
US 8.8.8.8:53 12.176.69.13.in-addr.arpa udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 c0.adalyser.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
US 150.171.28.10:443 bat.bing.com tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
GB 2.18.109.60:443 amplify.outbrain.com tcp
IE 34.243.20.101:443 c0.adalyser.com tcp
GB 146.75.72.157:443 static.ads-twitter.com tcp
GB 13.224.245.61:443 static.hotjar.com tcp
US 151.101.193.44:443 cdn.taboola.com tcp
GB 216.58.204.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 60.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 42.87.18.104.in-addr.arpa udp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 44.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 61.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 101.20.243.34.in-addr.arpa udp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 wave.outbrain.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 64.74.236.63:443 tr.outbrain.com tcp
US 64.74.236.63:443 tr.outbrain.com tcp
US 104.244.42.3:443 analytics.twitter.com tcp
US 172.66.0.227:443 t.co tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
GB 2.18.109.60:443 wave.outbrain.com tcp
US 8.8.8.8:53 script.hotjar.com udp
GB 18.245.253.22:443 script.hotjar.com tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 227.0.66.172.in-addr.arpa udp
US 8.8.8.8:53 63.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 3.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 22.253.245.18.in-addr.arpa udp
NL 20.50.88.242:443 dc.services.visualstudio.com tcp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 104.18.32.137:443 privacyportal-de.onetrust.com tcp
US 8.8.8.8:53 242.88.50.20.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-i1-v6exp3.v4.metric.gstatic.com udp
US 8.8.8.8:53 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-i2-v6exp3.ds.metric.gstatic.com udp
GB 216.58.201.114:443 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-i1-v6exp3.v4.metric.gstatic.com tcp
GB 216.58.204.82:443 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-i2-v6exp3.ds.metric.gstatic.com tcp
US 8.8.8.8:53 114.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.212.226:443 ade.googlesyndication.com tcp
GB 216.58.212.226:443 ade.googlesyndication.com tcp
GB 18.154.84.84:443 cdn.amplitude.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
DE 79.127.216.47:443 c3.a-mo.net tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
NL 79.127.227.46:443 c3.a-mo.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 8.8.8.8:53 hb.minutemedia-prebid.com udp
IE 52.19.11.194:443 hb.minutemedia-prebid.com tcp
US 8.8.8.8:53 download2298.mediafire.com udp
US 199.91.155.39:443 download2298.mediafire.com tcp
US 199.91.155.39:443 download2298.mediafire.com tcp
US 8.8.8.8:53 194.11.19.52.in-addr.arpa udp
US 8.8.8.8:53 8f0aff5e6ab7967164df18ee292369cd.safeframe.googlesyndication.com udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 39.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
GB 18.165.227.106:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 172.67.141.135:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 52.29.175.89:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
GB 142.250.200.14:443 www.googleoptimize.com tcp
US 8.8.8.8:53 106.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 135.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 89.175.29.52.in-addr.arpa udp
US 8.8.8.8:53 46.63.122.92.in-addr.arpa udp
NL 92.122.63.46:443 cdn-production-opera-website.operacdn.com tcp
GB 216.58.212.226:443 ade.googlesyndication.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
GB 216.58.212.198:443 s0.2mdn.net udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
GB 216.58.212.198:443 s0.2mdn.net udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-s1-v6exp3-v4.metric.gstatic.com udp
GB 172.217.16.227:443 p4-abrpvgkc3d6uk-c7iwimyzhrc3agbo-469645-s1-v6exp3-v4.metric.gstatic.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 142.250.187.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.179.227:443 www.google.co.uk udp
GB 216.58.201.100:443 www.google.com udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 232.220.199.18.in-addr.arpa udp
US 8.8.8.8:53 184.25.132.164.in-addr.arpa udp
GB 216.58.212.198:443 s0.2mdn.net udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net udp
CH 185.196.9.26:6302 tcp
US 8.8.8.8:53 26.9.196.185.in-addr.arpa udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 216.58.212.198:443 s0.2mdn.net udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net udp
GB 216.58.201.100:443 www.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 983cbc1f706a155d63496ebc4d66515e
SHA1 223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256 cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512 d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

\??\pipe\LOCAL\crashpad_4676_XOMVEXJDXCAEFPHF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 111c361619c017b5d09a13a56938bd54
SHA1 e02b363a8ceb95751623f25025a9299a2c931e07
SHA256 d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512 fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6894153af6352f7a50e502e958897762
SHA1 cbaa5a29ffd8e433e82a88a618a603f9243f2a45
SHA256 1505f2646bb0c917d7e13b7bc0296bde2e0eaa27b321c005ecf0acfb494b14ae
SHA512 7d29a3a2d1999b55c20b6477e0c9514596920f91e3626f64e0790b3e4db246da98f9005a5d47d5fd67055a9decbb254f695bb9a3fa2ce7ec8d6b02ba391203de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f99a662dc740b729c48e86ce149e9518
SHA1 41a272c15f24629e9368552c2dfa957a5777fa54
SHA256 d61defa413caab55b92a955f49fa776302227c38066ace0b1cd72a6c2702f459
SHA512 90609da2e1e4f64fa14f4d68bf669ccaa458726c9586e8bac0b0c2fb8f2c0e9d247a845c155aa6527cd31a22a51054d9eb4b4afb6710f27fd3432692023cca05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05bf892bae3115781e311fe3dda0c1aa
SHA1 e885a7617ca84e58ffcc26e7f299bd9503df25ee
SHA256 717ab4388ddc87f4359a35c7e178a69ea114080089188b13c3dafd5e85ac866a
SHA512 e54305cbc2acbb6b6d2eb40e27224c098e9cd0ed7e90100e3475507864ad344a09969e8e1617ca73b4a6d84232fe6c01dc3d3454798e14fd46c655825ab22836

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6b441fdb03ad3cb440777b973f30e673
SHA1 26953efd9ca0fe9e667063fe2b1a89675ce063f7
SHA256 6d1b637307bf41228a809f38761b62302a9bdcf44887cb6ddac3db5cc2e65285
SHA512 18ee17066e2830b8f6f212effb8ac9cc1caf77acd7375ab499078530bf03133e12760ddbd01cd0d917826aab00f94fcba354a4fececad855954c49a74538f1ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4ce50b8229b886bc56d689b127c449cb
SHA1 e8f81ce681312039da2e2e81f123d32157c70194
SHA256 a3add2c5dd2af967ef43ef800e2b51136b9324bf07e08a83a95644e5f856c02b
SHA512 0d0a20a6e7e196c4cbcb0d73e94cc4dec2be82ed002d237d4e3d5a0e5cfe3d2752ce96f004fca2e20edb5f070ea183c383f34e52eb8bfeb22ac994a76cc57ca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1a6c1f0e0a1ad05708ef0742964409c6
SHA1 1a5357b97cc793a3f1d16038dda56baf2e17bb32
SHA256 849449944872e86428d913d23125eccc5ae076fa6d12cc052ee83eb91a733678
SHA512 9390517bb165f098a681cd4d5d2f57773347060403bb1d903a0d4d1155e0f4f75a0198e65d36093045501be8398c87affd9b19b48356fdab8d21eb69254c15c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ceeff0d7-08b6-4f6a-a780-252527ae6f96\index-dir\the-real-index

MD5 4ffce3c1a7a490b1ba613190c613ff39
SHA1 7fec59698151ee695b0c10a4502da0e83b6b1141
SHA256 8e7298cd432fa683e860f37526ca423c0baf09d5df516e91b0b35948488049d6
SHA512 f7ab1f3ae877e35223d524017ef753d0389827c80db2cfb45acf271b895bb60084667f81c9ff458d0670de055cb675a51b7de72793b1394b2aa20ac2ffcda016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ceeff0d7-08b6-4f6a-a780-252527ae6f96\index-dir\the-real-index~RFe57efee.TMP

MD5 8c77c3e411991fe5f727e3aebf5139ac
SHA1 e8af2e5968abb56dbfb1682831dba69343467abf
SHA256 31c6afd5456fc9835ba6c634119b7501dd4f9a0761a36ccfcb151d0e45b99eba
SHA512 f2c040d1d1fd1ef82c3b4a2902573e7739e0fe9ec32b3c537feb4ecaddfa1f280d95416c1fa3c68d245fc67df5fe58b40adc4ce2e735e5b466a0d146a4c69365

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c4a0171bd422dc8ebed4787781e22e01
SHA1 adc9585ce48a1e9da201715afb38f71538b52f26
SHA256 c05ea9880e168a7ebe8a4616a336f43b126395cc195f8d1243dcc0776812d036
SHA512 d438844e4f34f60988a8b4e3047359e8ae9472a556e7b4d4cbad1a50a4a5a0004da2954f6124c2bc21c016d1a7eed346f647b57f87651bedc4c9674656928b32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19efaf5a-d853-4cd9-8401-16ea97a2bd58\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 58c3f0c14e5a52d7493fd394a070ee49
SHA1 d232394fb6ffed40efe05c0212af98d567263b27
SHA256 d49ea4a1cfc33f8940b69380c484cb491dedced6cc76678957d28a498aa827d7
SHA512 aa1e1fb67bce486fd07c06175aca273e44516cc18d632c2693c464626ae340982d29a6b107d391f1c22f399945f9478408b57de28c958859a376136dd6acd84a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e9a2bf98fd5fc41f49c11dda0d1cb9e8
SHA1 313eb243557d5d61c9257f474a323cfd41faec42
SHA256 7d5fb83c4f2ded6d5bef71dbbd939ee746f21e87ba7632b1563f26af0d0674ce
SHA512 06587b22505637c134bd9fec9399a6278f12b6d5e83e754a1faa2e15bb3b955f6225faded1585623402af994c4e472268ff0ea86ea3d1e13bf043f1db1c382d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 36c1bdf571c3eb45bd477df474131491
SHA1 363c4d3abffc2b82ee02dbb38a4e06848a3212f2
SHA256 cc951ef9f66e26918524e86b7b0e7890ca7d8e93559b438d442288ae5a2e98a0
SHA512 d11e96f05495a0eea23e94366da8fd922c8617b040b6868a59bdeb4ceabe7dd9aba1b9fee3a6dd34add5e8fdc0498609bf302a47d1186193a097e72a822bb3a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 48fa34b447583f4c47a11ce49cd9198b
SHA1 fa37a3f84dbfa8d42d885f648284533bc9fa867a
SHA256 f69a513b28020a7c90a6310f39c460e174c47b5142b9ddc7f30a39beee42fbad
SHA512 20ca7049ff8c3bd7c7801ab18d84b8e4a44271254aa60b7c03cf8f356d434c2b2e4bc5adc47c3cb6467d33f96b9024e63f161365a5e4e8b3e023aeae4b225810

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 cf4e779eef89d9c5fb496d22e0d7098c
SHA1 7018fbb9203c7ab378834761fec9c68fdf818367
SHA256 c5920310b9d34641d4295b62783c0aaa4e351860bdbe5b832d558621a78e9e62
SHA512 97cda67c42b7e890388925d7fbcf375d42561fb70f2a4590fc8e4885363b8ee520d6a346d63309c2038b048abc37634962e925b1d4578fa8ebe9ab7ff72afedd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3b2e2b104f6eb1d0adc8eaa5c0d12105
SHA1 5109d568665c8be449409045f8b0a5db8bbe02e4
SHA256 1472242ad74518e1da7ef2972de48513720dc904c429ab02d6de868dfb5fb329
SHA512 ae77393a9c7379491959567ff1b1fbc864aa472c7dee621469d43ff9ff5756149362973c7eb6eb3f1f80b73025af143e54167e1010adefee6be420f851259285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 45c207496bf7b128c0363c82c8a28689
SHA1 da765f606e972847c7c700e1c099664acd9aab38
SHA256 8e9b9b5bff06b338e19a87f5336f85132ff039b0ce06a30817116de3f61b0dbb
SHA512 d11cead2b3998757725732ce2e425a5882b33d658916212f2a858af6df13f0db9749380f05b44c752ad24e1bf732563657ef6995d91c8149e6280a7d77de5261

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 02cdf9505966d660ae430b9258726521
SHA1 7a6e5afa2c4cbab3d2e24fb3fe15eb43cf01ca82
SHA256 e5483c5b5f4d089cab46aa7f7b540832ae0e727f5173432e012e9897a9e82207
SHA512 7a9375eb4dbefbeb1bb0672fa07676fefdb21a7a9ddddf63949c87c251a0928649495215533e13f48510b28551da346c163266a8b3dc0dad16c1d8995a4c4ff3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5aa20db1fe3266936a6ae8209b676b31
SHA1 42481456ef6a3a327ba82fc8939fcb735df0f135
SHA256 8f5afe3b455b9b7006d0021089fca64b586ff91031855cfbe81847ef57e277f8
SHA512 ead8b325c551c9d2485ffc04322e41e9cf7c5b7b82b1dff9ed087faa015666e6484af3f4becf6e7891014c1df34581201bde6a470a9240581836dae1dc29df30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f87.TMP

MD5 94cf5479950081ffcc7c607cf33b846f
SHA1 723ddb9ef09c98366106e4fae31ee71f66a2a3ad
SHA256 f671ee7f8b032bba78683daf5c57102cdbdca8634b730b7f65fa5d674301dd61
SHA512 8d085a998387bdeaf6a520918706b52c9f58bbc44bd1f9cc195fa286d2bb6fcf1760363e23e6d373401aa263afa5ec91a29d41633e7a4c75daa96c1bbbbe4cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1eed6ccc59088b8789cba5c32298519
SHA1 2548f27b51cd804d3e9df3adea00e89fdd206aa7
SHA256 66b46226de8d911d1f6ab96232c23f3a49abb1c3e8aa091af2bfff84e9892c79
SHA512 6457577895d10ff945ffa52b548a2cce48bcf02c750b07a2014fc0ad55d0210f0c707197cac63717876992a26a8b84202f188388cc8993cb493c7536b79d3504

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584292.TMP

MD5 6c9e0f06a3d4371f35eafb9143b174dc
SHA1 4f88961d7412bbedcbbeae530497b98e5d4e6533
SHA256 8d3887d33c26eb1300d237d08efbfafaf29e35a94a868c80909f40e11861ef15
SHA512 57249b5bcd555ba77a249b828a5b44900ea206392e106371c868a0ad7345502e7d7bc986677e5dc1450d9d70f816cbe8ff5a292ef0765b9ecfec8f9ff5d71f5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 29a0a504a3098ac1d0554ce50bddbe49
SHA1 9dc5c60a93ecc7eb5065032cef840be2f57413a6
SHA256 ba0dc12472435481d468c38a301bb2c218259211772ff254e3aa1309404463f6
SHA512 3df4b0d9724210ab94b757627af8f05d16f220a880962af31a57ecd39b83a1ad1ac1598f05cf1ccbdf54337b4b89917a22bb25389ee76103522a90d4d2a0c13b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a6011731b4b0750dcb732103b0cdf102
SHA1 81d13e5b9e5162b470d274a6c9d008af37bb68dc
SHA256 cbf26de30c250c3d614dcf8f7d53a7d1a47cdfadfdf077bac7d6f4702f5fe5ea
SHA512 9827b2a935857be1b397fa41074db1875ca8db66cbccda12053534e3bcbfc0f50b324e9da22f4f936a828efcdc9eb8b06f58a9efa52060527e554b7c16be930c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bffbbcf7-6017-4ccc-b65d-0ba2d0569e79\index-dir\the-real-index~RFe584a52.TMP

MD5 c5c824c306b90fc18ff3e3a89f799071
SHA1 3369430fbe11be08772e4389e342221f161a24e5
SHA256 f1da27966f49ebf9f8efd9fd181f00e85c636a6e8cb3eb738ac094903d520d98
SHA512 28624590ba049f48d94a41cdc6aede3080d4d3b3621070cfaf9f62f47000ca3a3641ecab0717980abdef11243bdff072adcb265a84931acac9a02b5f5567ac6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bffbbcf7-6017-4ccc-b65d-0ba2d0569e79\index-dir\the-real-index

MD5 d4585aa8827de56c0c7939b7030378c1
SHA1 c114645021424ca76ddb3cb7bb82e454cffd64a0
SHA256 346f3317eb8db853a206636e4e721e216f6a9a15e89cf829f6d0f55cdee03292
SHA512 d75dfc18d99636d3666eafb970d8a650e5f40f000ea88d799d43fd5d7254bdb13a80d143cf354f4eed1b66cc5bc05c831c3d6789e482a0f64ef7ce6221a8f9d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bffbbcf7-6017-4ccc-b65d-0ba2d0569e79\15f1deb2fd3b6cba_0

MD5 c1ca02ad59e334bdf7301850b40be87f
SHA1 a76f840d3c58d5d25bdcf67628a7b909ad07418c
SHA256 85afa3c2663195b6a08c35176a28d5aae1ab03f2226dc6458fb3b1afec703094
SHA512 5d51d4e0809bcf9c45e001f58262afd73143100ca0e1a9da30b945d74ff1c2116f204e773b5c1da7bdb8cb41654df4be88321c55c2620cb9d32289f89598c72e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ceeff0d7-08b6-4f6a-a780-252527ae6f96\index-dir\the-real-index

MD5 fa6288b207e98b998a63bcd03e625a27
SHA1 7af09c32b6b2f5c6b9ae8ee097bc7d1517a7a0df
SHA256 c785291c66bfab337195aaedb79f8197e1b9f1e1e9cdccc2070787d11bbea138
SHA512 5d29b5c8f2895ffccdbbd1918bb35e1fcc0529b83111e8d08939bbb1c83a8e0a6f0c7d9c036898b24499a34d95d9cafd031c6ca1d83c52c467b3a015d23fb60d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 61a343823d11de0b7a9a265cf5d2b7cd
SHA1 de09aa0698ab53ae5539d3609d9267cbf80b3023
SHA256 d86e304aef04c5ab33497c914505dca9ebbaa7588ef9cd6b2ea966aa169189d4
SHA512 5124b82c634afe959f4443ce7ae830c83a30e53364c6187a47e3abcbace118dd720f9ac69a9d02e1bdf63370ea8cf094e656c9eaeb3d46e36eacec7b6b1abf08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e6b2fc19df334b6967f0aaf63c03651d
SHA1 a98bb995409d7f77631c3e8470a503beeb3f37e3
SHA256 8a815e1c0a54d6733120b78bb8bdf30c0d35190eed74ba822e7f37477fbc6d13
SHA512 e6930afeab9c3ebf8b075dae513439bd08994d9ad38a3d61818ec2d3903dbc777084d70fee84341b3cd1078332cd60dbf4750574e71228556c202c54f28eec6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ceeff0d7-08b6-4f6a-a780-252527ae6f96\index-dir\the-real-index

MD5 0880211774aedac1ad5051f1e390c6b1
SHA1 f96b0b585ec92b6fbf858debf3bd64743f505cb2
SHA256 c78ac163c7702950cb0b20267e0cd0ca854b443f6c0949382a6d2c7542a757b2
SHA512 572adf5c7d3fd74d54e7c12a363dfff42646c261d5e52722d6661855065437218bbf48697ffa5df996fd400b8a0415112e9150ce7d32bb39b49da0d61de226fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 928d216af911fc8e34beb437e7452296
SHA1 720b8fca19f3184d485cd7adc39b581a0f7d42fd
SHA256 cea354bdd54692ebe779a51f997e11e9bc6edcefcf6752e4ad222e0256503e1c
SHA512 873ce1726ef969f7905562ab4dd16544ad86523e2c001a276414073394d5f307be8eb5ad31735176fc701d88678835973322caa9b9306a28b6533f86da1f42ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f48ed0d29b3413ec506fc0e2e08d877
SHA1 1221e6ff1e1d88e850de12f51247713ef415a1d2
SHA256 b982be6338433cdedf2c38eb7e1caea031d5c1f3df66e2aa08172324354dd8e4
SHA512 af259796ecdb8d1b9f3edd81e01b1197d67c34093a55e8df701bdec9bec1bb7ae9f71c4cf1e6240010fa8c9eecf4586b8bf5b80378dae63c1fbccfda3ddaa7b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c2e28e12fbd6f030e4f97af84f16848
SHA1 59bb2e4d65e5847831f2313ef92c86f3b1290c65
SHA256 067cddfa7004605674dbc0d9256b413980e2df0c23dc2a9ffec57b453ddde187
SHA512 dc75d0777a89caae05d6358b4310e76804bf68d8577c1b2cdfd526e3d68f9467964ecf00c4a0108afe1ddc5f164c48d2d87c210d9b28012cc7cc67a9a2939acc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c3e000f1b515c327841a0a063a364383
SHA1 43f6aba238ea771cf299eb1c76a0f3944b2a893d
SHA256 268e5bc3de347edd0d6ab8860b22a19e7ce7b41f0acc72c00a8a945d4e4a8e43
SHA512 54206abdb1cf03a672d12d49560c5c6039d1956603e19e8a10502baa7bd8df82064778f7100f911dafb02a1105e38c175faedc92f1e0af028ab8552547e94f08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e86762423a86d81b0746a714ccc4915b
SHA1 22546f63c5d720ab06519ddd14727a0917e10c20
SHA256 15391b466bff22723ba579a154e019803aa0ae3f0b4bb6706dc51b167338785a
SHA512 111e15731a14105819003f70192e9c29bcb60d098d62142a18633b7552582847d95569890a2f8b27d89babff44f7c7d33b6217f721fae8cf10c3e3a3c6c61384

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ceeff0d7-08b6-4f6a-a780-252527ae6f96\index-dir\the-real-index

MD5 85ee1463302217a18252e4718e71a07a
SHA1 119d0192adebce0896f555c229e3083b6e2326e9
SHA256 98b5407049ecb2adeabed7a376008c49296b6dce0d8868178f48936a49e2f1e2
SHA512 ccddc348dca0ef4c55140cb08910fda66d49bd5ca923b6e5448fbd4503d414fb74644297045c9ce1a979a0c9f6e72c6f368a3008d390bb8aa01cb38601a02794

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cc1eb47924fc730d238a537d5479e916
SHA1 29ca57463437d2eda7934340a23ca6a5b1455d43
SHA256 30bcb3babc690ddd7e5476f5bd712fbf862dcad6e31afd835f6d580887de9b4f
SHA512 209557454e08234e8d63d5a5aac93ed474a0e3a563d48d90363b7fd96aa2bd01a8128b645048d950e16e33dc83c893b43abd4c0756bf9a8d8ad36a6d68ee2d5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 82d6a85f87bfd8d4d2db664dae26b0e8
SHA1 0b157668ce87bd3d80eea75529f62869dd00d158
SHA256 af1ebdac7138371d72b1ac71d19651fdadeebef69ba1a830ca2d5aa1be442a79
SHA512 89ccec03b3b458dd9ad17cf00523eb9c1658c080be6f0e18b98d9c32ec0a01566c01061c3a52d16e4d35513d392b72458b0ceb21ef1a9fdd49a0cebf64b6fa80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 05f3e4a089a539dbc31d0873f47090bd
SHA1 b14029f1ba9b365e91b88194ad40d3cae6130517
SHA256 a6feb75021a851b195c0069bc5646793c6116ed36fad68b91dc90e2f57e8455c
SHA512 2744ec9c47b352e5b83225543a1ccb14fa185dba0da3ec940cc71d9fb4d2f10122b3ac0a53f47baf7aa280a0d767668cd7f5c1a33fbbc69eeadcdf3d4816ddf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbd4cbdfa8f0382b6d32e81c2749ebec
SHA1 45e453f43f7245a6b763b39234100f267e8cfadb
SHA256 aaf86e85164a307cc7d1d2d4cb3b9d3a8153713811cf675954186fb0f16771c6
SHA512 c22bfad3186bd614a5ef3cd78fd612f3aa1becefb44f36e7ee4e1cb75c5b08d82fa64fe113549febd7821917c6a1d8973fa8412b9e33d12d29a4fb9d2258f8c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

MD5 3856de7c74fe6337d7ce813fc7bccee6
SHA1 cdcfa9794d003850048544a3c91e77da5ca1471d
SHA256 862f70d9b90d2587e8367b318e2e579f14b0e62428f6f0d2ff48d8a55dd94bed
SHA512 39ef7ed2d323c89582ff85bf0e0040729179aa4ea4f4e512eaae967a823375cb95b8ac914a9dc3c267ce75fb2a4a3860923011f42f4b9381308b9639f57b12d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

MD5 08ec57068db9971e917b9046f90d0e49
SHA1 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512 b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41392a558e023e51a1bed0c2ee274e75
SHA1 e5b63ab794e29a763b1e84d08883fe5627d89db1
SHA256 14dc4e9e5f58f38488bed53ecccbb537d36c7156d16f7c72bce8c4da6a5c69e6
SHA512 063711a797fe5e6c3c0bd43e8d953799cc6a494b921ed4b47def7c073559be4966bb5c9e9063d090748809219c55a89260ab931ca1c872d2d12093505d921253

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 660c3b546f2a131de50b69b91f26c636
SHA1 70f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256 fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA512 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 d2155aa26ba85d23cbdb242318f9da8d
SHA1 d19b123d77bb65f6fd5912fd17e8bc71e3522db9
SHA256 ce67d212e81563a4ee7fb62aef4af4481a053b8fc369430fcf0c74d4cdfb85f7
SHA512 f0d4a8d0be7c89ca95bd54621c09aafeb86515c7e5e98a80c3d9ec288d1883887950fe8e7cdd257d376d152b0b3fec2d2eca7477fec4fd9ad0a623fab012bf48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 5e3bcb85c3140b9e389c132f50d5b710
SHA1 b4cb74acc71d5cf828506f413d9141d9fd804d22
SHA256 de937b8ee5c03e7592c2b6c170279a4d3f516cc335adb63b7cb78294fd443c45
SHA512 09bf3d4ae5422587042b601790f074976d82dd4e1e89cdd68e45e98d911f3111449e8a1044dcf72187a03450fb8a2fc880330f7648a229d2230b5d2f19ad63ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 d14a6556da7a2e9704cd04eae28cdb46
SHA1 a80812c70f13b49597079e3561e68fa177535a9b
SHA256 b5a9c272adc373ba2512fae681f3c14db8efaf0158d32890b0cae1df47784ecc
SHA512 73a3e0f274b6d107cbfa4e633f71c3df9de34872f63d9f1bbe2e6c347e27ed1336755a97fc35cdd5f5d9a35413fa2c6d225bdb8140ad16ae8b9a20ff2d6785c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 7142d0b5d0c1b22b9722bdf6f3d66cd8
SHA1 687b06c23bd54f044739e55499b0d848669b46df
SHA256 c2b0d7e89e3cda69bfe7ac059cfc96955c84cb674adb745cc65004a5053c3eb2
SHA512 a4f9af93a3a055d1c70eb00735f80223257cef034c404ba4ce846c929aaeba3f050baec41e6c19404fadf983c609191adfb026f8a761bfa9d3032b03eb2d38eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 7929c3dc6d6518974576b3e40dffb430
SHA1 68f72a67f42702cc365c3e5f34b66829fdb6354f
SHA256 80f0556b4290215413423b2f1627358d9a56d008ca97da1a1f2ce5ae62128293
SHA512 379e01be1db2c205a321c248a2367956cc9fd73384d6158d3fe901f3b28eaa48a24685b8ebbe1058bfa17a995c3b365b34b4d61c0aa5df041548c74b0bd6b686

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e710a2b484929ddc1fc83df6bc9eb594
SHA1 37adfb398d422ce3c9a306fcbb94a6abe8c8df29
SHA256 0538e04e1cf9cff523e86573e03e4184625193b4e6eaa619be8891b28fdd0266
SHA512 0c4cf79ee3771da2b3e28506f5a13ac53bb12b026620743f63f28951b487b7aa0c5fcbb892459679da30c45764d7f4649d7495f810e5d2be899f8f6a6fb7f755

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

MD5 5f747c64539885d991db99de756ce1cd
SHA1 a767f8dcef5742cad81e949f0ea5eb91ef0dbb55
SHA256 85ba8c5dfb41e7d6b7dbef0f0a180b487b7d600af5eec1d2c6017fe231b43abd
SHA512 1470b4b0272c7d5d3e8ed144ef1d2a2d9e3a89c99c9ad76a3eda2259ec5e84db693e447b555d9849b89fd507ae5050a461cf02ea70daf993aa74b4a1bd141bef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e51181ae6e333d98b8e96e375a8195b3
SHA1 cfa8366b1e03cedad7419f6a1ab4615d55746196
SHA256 59eb5fdb2e151420a5faf689e8badfe7501d0055b2d76643c8ec51e0b38e510f
SHA512 3d57d64595199a8721d457ce88a6cc5b7537ce91475e98d2bd27b0820ff6e0bb01ba6fc9590cadb88bdbafdbfa471118fd8ce88379f705c9488bc20522108609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 71652c35499e2efec728d1403eda5ba5
SHA1 dd101fb95210114782368c979c30225c50d692b9
SHA256 cecbb9f64bbe454b4c903dc95c20af75e0faf346393f81984635122596efa10b
SHA512 be6e652c5eb7b6a34edd9d7fe9f23dafc8d077c49753dceaba27f40fe6d6297dbec91d81985bda84d8fa7783714c163c79563b14071d03dd540b9d8a3a9a64a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 895e6f8c7e3a82fdfd963c02daf362b7
SHA1 d139e35af3f331cc3d389bb70adea7d950e7f05f
SHA256 0f215a621f6cdbb52b820ef830e4afd298d758b4dee5fcd28fb7df5c36f2b515
SHA512 50cca2b9778029a19edfa049b241269b4e056fffb2b2ce2123698066f0d2028a1232716104e7daa62bcb68ebb331d8ff21ac364c712a59e013d71e92106a8f15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8df18c2b3870689a24293b4b40b131a
SHA1 39e43f088c39c8995eadd635c080a338cab38cf4
SHA256 41df1ff89258d229f3b2fcb9c90cdd976f5a32f9b4ea34710d57d32a9fe5a73e
SHA512 adfd3e984bc2982556436e59c26e7e75eb57914fe17adde711b31d6fe1e401b5fca8b5ac2155dc962a40c6e645a3662c5b3ae38cc39994f4496fc9bd183ce43d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66d0d26caa60feb7bdf98a9628e959ca
SHA1 610c6e527b697111af32397d5e7ff9f35f5481c9
SHA256 8b775f52c04da396fbe6bb1bc57a30fde24ec1f55ceffb0dd261fa4ec2b2e672
SHA512 ce2cef1e957024401f0be70c26d6eccbc00cd07dc931f83bab0e156ffd5f0ac399025cabeb37b22b2ac002452ce34e45199bf25b4d8e21eb50365691cb50e528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a11a9ae14c4ab31434dd38686783c504
SHA1 dbecda703bc92c0aa1373177221972fc223062be
SHA256 6c0afa2804eee1e54b8146f7829f3368ae79e3ce84329c0f7015ac095564df80
SHA512 5a5175105d36a7b9e9b34d3d7ddec0228d31c1401e7fc5486c054a44bd13af6f737dbccea75d8d26669421c57d004bd166aecceb463cddc2722bd3881a350218

C:\Users\Admin\Downloads\AvalonAtomic.zip

MD5 bf4098bbdee4430ac6d12b03c484d4ab
SHA1 839ea1a5449ba5346389c939c1e5ef3bb9b31e95
SHA256 25edeb29bc45aeab9a79413f6b8ebd44a6c8737355a29c59b4a26625f2cee174
SHA512 0f63161f0b30beb8a576f08013a6abad6d11296fa03be83f2446456bbb7fcd6c8237a1e218ac9b07cdc4c2a65a5e2897536cfeeec222437fc1135801a226f56a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

MD5 09e30ec0ae2a2effc2b6872b0af0aae9
SHA1 b0237ba13c5160a1bdca9c048c78132f1afffc27
SHA256 4fc13a7ed321277251af657b0d604a5c39ded056cd19a14c214473c8a7f1901d
SHA512 f7e7ecb843fdefe4e43e7a436ef0f433cdb82d4a0e1558eebb70c4281bd5fbc242bb3bd87d8c6e3ef09a01d9b54a0b7c5883691e316895e45c5bdb0232429012

C:\Users\Admin\Downloads\PASS.txt

MD5 24a9c8a22071ab7d51b3b3967382b9b6
SHA1 9f3ef3bd2946f5a6f01c4121e031effc32ad5b9a
SHA256 cdbb0ab98b182a26c9b7243c13a146ec893bc2dbf609ee72b6121f4bd6c24b9d
SHA512 f32cd0eefe472d638c74fb3124ef5d1ee7dada8f3ee56e9109da793183578ae025c3a9b5b2c77934f1833b1fae39aee1c6b8c9b82a9d3b09ae5e95e1f1ea3e52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 18fdd63e1c77afdcf99ad676d710ee70
SHA1 fbac1e5f3c8084b406b89d546f28e8ba663796b1
SHA256 9281064defa6a45b938d41fd1115421132623b705797ac5c63477a9435fa494c
SHA512 9737ce331f0aaf081226b5e0ea3b211da5851f761fc9d0c9312398a90e807812a132dfc66aae2bb70ea9f29da70fad277c0bec34a1e41df0874e739aa779708f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f291e2fd647e25f7ee0b3041ea0c47ee
SHA1 6c87321daf673d31cbdb407d8efc90061bf38e47
SHA256 c40674ad029d6256607d9284c9381e8aae141bdcd3f52d7d35a10870c4f7ac30
SHA512 ea53d0ab2edc5c7f4103a038960c8e2faafdb022e41aa543275ce15115950099eaf23ac4e9da86a145afe225249c7324a29456b7b42de7996265b92ed0aa3451

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3bca119feb23388480ba521869c7324e
SHA1 7712ce1278f9c56ba6f5e653b9c17d759b14ef96
SHA256 8923abd1b0bff5e51df1e04de299093b0486215a4b9e6cd3caf74421fe19b0ec
SHA512 4e9afc6b6cbe9b1e1b806fc27b93ae9a29355d8b8f692f1d4b1a852cb189b6153fa3156b408c30ba0525b7409b598d79900d1205e2a0350a1f640025dd8bb448

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 4b5c5f4ece932f6300477156a0dec79b
SHA1 3aa64c9b8c37db47b4a53b9bb01a54fb7301ea7d
SHA256 b6004945ca84c3eed7eeb75bb81f0ef6335203283222ec0bb2c3134f8ebbc0a2
SHA512 6d093758b66c3f0061a8bbc9bbee6d08759a3efa2c83d40c94a2fafdf56654a68edeeadc70663392402a02cd5ba4e367290abc149f884c2fe8f1eff833f1cd71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e26b9a6c5e928d1fc87c54c9cf243426
SHA1 75e01f291e8b247a68d744ddb4e9e9848fd1204b
SHA256 bf4972b0ec25776461b7cf89e473540f547477c771ff96963f7376fe4ee0a169
SHA512 00f7798af5b024e59f3c0106ac81688a31d99763f9bdd5e837a50bfcac2c263cdf778d7c68677c39285810a04c120d68f8ca93392a1348d4c272b781bafa8687

memory/5932-1810-0x0000000000690000-0x00000000006FE000-memory.dmp

memory/5932-1811-0x0000000002970000-0x0000000002976000-memory.dmp

C:\Users\Admin\AppData\Roaming\msvcp110.dll

MD5 46bdeb2cc910af30eb61315ab46310c0
SHA1 ddbcd3c44739219db97ddf6d86baeed77e6e5643
SHA256 8f028d17578b9f9bceac10d4ab89903899c796d08ef921dfbb92297d29f457b9
SHA512 b7165e1d299a7153347530ee81c55a5cbf6d76e9a205ce0ce9b81ec54e2f819484a663fa52a41838464a618df06f66c327d41bc115cca3ba0fb8b2bffc02bebe

memory/2032-1818-0x0000000000400000-0x0000000000452000-memory.dmp

memory/2032-1820-0x0000000005930000-0x0000000005ED4000-memory.dmp

memory/2032-1821-0x0000000005420000-0x00000000054B2000-memory.dmp

memory/2032-1822-0x0000000005390000-0x000000000539A000-memory.dmp

memory/2032-1823-0x0000000006500000-0x0000000006B18000-memory.dmp

memory/2032-1824-0x0000000005EE0000-0x0000000005FEA000-memory.dmp

memory/2032-1825-0x0000000005640000-0x0000000005652000-memory.dmp

memory/2032-1826-0x00000000057B0000-0x00000000057EC000-memory.dmp

memory/2032-1827-0x0000000005800000-0x000000000584C000-memory.dmp

memory/2032-1846-0x0000000006060000-0x00000000060C6000-memory.dmp

memory/2032-1855-0x0000000007250000-0x0000000007412000-memory.dmp

memory/2032-1856-0x0000000007950000-0x0000000007E7C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 adff52d29188474c1d84f9501e719df7
SHA1 d8beb20fba814aee644e5a54d292ff0d5736249b
SHA256 45d3eae404f75df996d6da386dd946dc5e161362d38410ab6238e37547dd087d
SHA512 d8578c17ffafb6155a39a47d5829101f8faf52d184838bbf3910aa48a274ebbe75a0e27a49d9843e6f549e1e6e1ce94e84ef7e1bacd448bead09511d5fbaa786

memory/2032-1859-0x0000000007620000-0x0000000007670000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 df7d103bbd49c15be5ac5805ecf86879
SHA1 6363d13a0939aa7d4344c96c5b5bce51628ebee4
SHA256 f992572da4484587290ac621ac57c9c42a76791f415f0558f2bf83d94f261064
SHA512 4c506ae155c976767e3d1d962cd19d667faadde5993997d34499e7bbd3209307e37818ed41a397771343c6920af762ea14a80f2d6283a4c4e0f761adad9a5878