Analysis Overview
SHA256
d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219
Threat Level: Known bad
The file NeverLoseCrack-main.zip was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Possible privilege escalation attempt
Disables Task Manager via registry modification
Checks computer location settings
Modifies file permissions
Browser Information Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 21:36
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 21:36
Reported
2024-10-06 21:39
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
145s
Signatures
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant Admin:F
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers /grant Admin:F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2f4
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?client=opera-gx&q=neverlose+crack+cs2+legit+download+no+virus&sourceid=opera&ie=UTF-8&oe=UTF-8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheater.fun/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-06 21:36
Reported
2024-10-06 21:39
Platform
win10v2004-20240802-en
Max time kernel
95s
Max time network
96s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 21:36
Reported
2024-10-06 21:39
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"
Network
Files