Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file was found to be: Known bad.
Malicious Activity Summary
Meduza family
Meduza
Meduza Stealer payload
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
outlook_win_path
outlook_office_path
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 13:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 13:22
Reported
2024-11-08 13:26
Platform
win10v2004-20241007-en
Max time kernel
200s
Max time network
200s
Command Line
Signatures
Meduza
Meduza Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Meduza family
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5512 set thread context of 2912 | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe |
| PID 4672 set thread context of 1484 | N/A | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe |
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86db546f8,0x7ff86db54708,0x7ff86db54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\ReadMe.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5796 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| FR | 18.244.28.11:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 216.58.201.110:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.18.159.164:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 52.41.237.133:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.159.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| FR | 3.165.113.64:443 | tags.crwdcntrl.net | tcp |
| IE | 52.16.238.77:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.30.238.153:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| GB | 216.58.201.110:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.237.41.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.238.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.238.16.52.in-addr.arpa | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| IE | 52.17.36.150:443 | hb.minutemedia-prebid.com | tcp |
| IE | 34.241.172.35:443 | ap.lijit.com | tcp |
| FR | 163.5.194.32:443 | prebid.a-mo.net | tcp |
| FR | 18.244.28.121:443 | hb.yellowblue.io | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dd0ba55d342730de4b6ab586507f1173.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| GB | 216.58.213.1:443 | dd0ba55d342730de4b6ab586507f1173.safeframe.googlesyndication.com | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.172.241.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.36.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 185.235.87.116:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.213:443 | ag.gbc.criteo.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| FR | 99.86.91.124:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 116.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.91.86.99.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download2262.mediafire.com | udp |
| US | 199.91.155.3:443 | download2262.mediafire.com | tcp |
| US | 199.91.155.3:443 | download2262.mediafire.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.155.91.199.in-addr.arpa | udp |
| US | 104.19.208.227:80 | otnolatrnup.com | tcp |
| US | 104.19.208.227:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 54.230.10.77:443 | woreppercomming.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 8.8.8.8:53 | 227.208.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.10.230.54.in-addr.arpa | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.73.194.163:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.201.110:443 | www.googleoptimize.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 34.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.194.73.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| DE | 3.73.194.163:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| DE | 109.107.181.162:15666 | tcp | |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 162.181.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 73.239.69.13.in-addr.arpa | udp |
| DE | 109.107.181.162:15666 | tcp | |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_1048_TEETSEODSWMRIXOV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7d1013b488d73c587c3c5509a6473ce |
| SHA1 | 415a04e10677d902bef701043f83e3fcb67a211c |
| SHA256 | f592e4708755fa5f43ac28e313276b4c4ffdf38db29317abf3d2ffdd50db441a |
| SHA512 | 155877c241612b566d56cd22e7fa5a99029878d4a1b331da1bf1b43a78f4141aa3e9eeaa7cb8fb4bdcb30fe652a9984b9a45213c515801e851ea7d2942be206f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 36dcec4591b98d65020c8bc72114b85b |
| SHA1 | 04f1b33a63f161e4538bb05c39295df995b1e0fb |
| SHA256 | 7a69344de669bc619bd47a18aa718e809d9ecd7ca9f420eb618527d661b0e7bc |
| SHA512 | 29271ef7ff9ad98dfc13287a56964060445ff47d1178c766f198f1bd60f317660e39d94e9f9fe4a1d44d2845a393d64158cd3223d943a89dbc1f07b0941d3cbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57a909e4b01912a0deecc155aca9f24c |
| SHA1 | 079768b8a3d5c5c556f46acb752d5e5b23c6de12 |
| SHA256 | fdd927c87eda3fa8bf0cdeb7ee35ed0c20a94f3baf68206253e6db40d30cdb0c |
| SHA512 | 783bf26cc484a0cf82f793f79e9e1cc16bfb3eb9d6f4cdaa1958a275dd599db9f9e3d56991bc1283264636997339c1071f7b0fbbceaa97089c2411568eefa5bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 020901584812b9e35310a53c165f30ad |
| SHA1 | a097b24b69317f3c3bade5af35d4a045839536aa |
| SHA256 | 916efede7fba1e5860b0461f0a6b5b42d16cc3cf823d101288ca57e9f9890da0 |
| SHA512 | f152523b496af3b3673c77d58f2542f45112c95dd7ab9b6033b08423fc0a4bb943f0afb6dad80034a41e6f3a056c80b4aa368977d2064fcdcbdced5e5c8ff2b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 45869c35b2cbc2b86fc8828a9c0f2aed |
| SHA1 | 194acce265906594cf10311696c82839796d26b4 |
| SHA256 | 4508f7c08caf799fab81103d0ed6eadff82a5ba17c277df8932ad61c19830c95 |
| SHA512 | b71495b9b2168b8fb9e94c3bf3680d4f255076c5f854230397dafa24490c485d1e5b7228fa31c802f0a79825c8c29b1b0a82dacaddfad7643828f6324051b297 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f83b.TMP
| MD5 | 8def4a5ba7681c0a428950258226f47c |
| SHA1 | 15aa5017ebcaaabc8ece2f0552d4c2564a553510 |
| SHA256 | aaa655d343f840ad784b0686f73db183f6d3e6a6af83358e2113cf04684e3344 |
| SHA512 | b7c08af0f62debf8d9a80be28f9a052af39a528a00a460029cb8e2509929f1538dda5d8b147b28e30dbe4863b7bfe4344092cef2e0df257d52a278ac49ea6cf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 652f8049bab6befbfbfc5f4d604291c6 |
| SHA1 | 6f2c402e1f843b90ee3293bbaa28e60496b0f91c |
| SHA256 | 11b1d47afadd6c5667d745f43530927010961abf5d33ebdc8745cfad6c64b13b |
| SHA512 | 8796f09252ea63c5e61756841183674f65c12a8fa04ca296a4b273486e8238498a5f5028dee4d50c4c8f10db6172be2358cf31029e44e96dbf6bda15b0a410df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 87b8362259f6ce8d0318a2135974c44c |
| SHA1 | ec207cc0cfd2c7b66c2fac0d51b748110487f554 |
| SHA256 | 10dc630c403244b17503879e19fffbb91da44b07b942ea177929d879b36d835c |
| SHA512 | 199aa00ada75e1690822e842725cd89bcf54eb77ea26e9040a28f8afecd668143e3500e06f87f33e38d237df584acd39d2ce1767e10de88b7436946fab6f7771 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5827a7.TMP
| MD5 | 26cbedd545a27b15df22611e6bb4c014 |
| SHA1 | 05dddba58c051e41dd61466e2a0b82e37ae764c1 |
| SHA256 | 98684c1cb6017a85268b509e35d376a207e9ab6fdbe608a4fa2c688c2e66b12e |
| SHA512 | 04e0c2729b3d2cfd89238e7ae0dcf6718ae30ea125e896de7f82c621ae9798ea4919561c7a8c052d55877d663c2ad6c9093a5700f813ba38a5f0b3f8068e2a0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0f740a77d3c00a5021a1e2f169fdbd5e |
| SHA1 | 2d60e5925cf2af83cc4cde999decfe798fb94d83 |
| SHA256 | 95e22dac9afb0f58723bcbdb74b16dd13f0a34110d1d50df72f9dd2cfe61f048 |
| SHA512 | 4dbb6a9164ec5a40ef20d13ef4ec348955be9da777e5e5bb4af009adc6ff1f4df8cd052122e924765e993707fbee299b9d1619016b51e73a547fcd0868ad08b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\653584e5-6b1c-4723-9ded-04ab35c0706a.tmp
| MD5 | fefbdfeaa402f470dad7609cb64c2391 |
| SHA1 | f958c1804b5a710fdfddbea738b65fb5747e0a34 |
| SHA256 | 08006230fbd2dd7c2b1fd8ed02756f562f86fb37d45bfca8bcb7217c356e37c0 |
| SHA512 | f346e5a48b57c4bca4e4b19f306933ff57a27e0439e0ef3d035eab62a69dbacaf13e08599a2fb1c6c802e0462402ad63a82e71f911004976ba4c50ca0d86b8ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c2e75d82391d2eecbf51c428874f0914 |
| SHA1 | 14eef2d3e0f942d63de1deda029e8530e87593db |
| SHA256 | 6178d230ea1cbc8ecb7e4f6269376f5bc258afb9980a94bb41b35fd218ba7221 |
| SHA512 | 5a022ec8d6f834ed5fd959b0d6e371591535614903065bc4249b20f246982cf750d39aadf095ff1cadb0b84b00c8a15fb5fc00ad146ea9f074ae1379557bbc9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aba5b2a9d587006a77e68f727e7698b9 |
| SHA1 | 68fbef711adc321987a95d7a7f6f5024d171522d |
| SHA256 | ee075308e27a7df1b80688ee3aa3faea0edec071e84a3cea1200b0f201ab4355 |
| SHA512 | aea0e443dee603f5e7306f4c19c5b66dd630bce0063dfe09b612702221b654c420ab7a174208c71ad31d19725b749c60072c1ef5b279dc3bc5cbae02388de021 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 73385d54f9e6a7774597799e231ce444 |
| SHA1 | 9c2ca7a1a2dfce0b8aefdf68a790435803ad81a8 |
| SHA256 | 9fa8cf9a8c030f2ec155e7ba5fe35f547f1c46986d69bce1ea0075fb5071d889 |
| SHA512 | f07deb32094aa64cc18586fe07a3f56c22be72cfba85128d54dc379022a9add94a0174af93067323411720e1a46f9e27c4009f9a79c70f03ba47504dc10c0c41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 82c2c73f5292b9c2af913d642eb8a538 |
| SHA1 | f29a20b5a336a9b80ed7eb78586d5c95d1668132 |
| SHA256 | 3d992adfdcf6c33a72cc2408647d448bb4453818b4314707653f330a1b356716 |
| SHA512 | e884fd7ba82f7e7a603b5dabc317ff3bd88c6dc6b08ca5f7ebd689eed63ef0d37f5eb394804adf7e6dd6eb77003952d43160dd63491151ed730b5b9f750953f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40e72bd7d04ec98d86f69ff58a037e8e |
| SHA1 | 04b681470e0d6132e16d9904759d40d2a2fac4c4 |
| SHA256 | 12eeb056846a624f43fc827fd38b826ce33a983892bafea46010893a4f7577f1 |
| SHA512 | 8d9f470da1c7dda422f342f4a7bb5a43a35b5883158200a1853eba57c8553faf7bec8940ace061fa10198fd643e9c7c0d6af9a094e734e066facb2f794b300a5 |
memory/2912-526-0x0000000140000000-0x000000014013E000-memory.dmp
memory/2912-527-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6a550e45c774bdb68ec426a32ad6614f |
| SHA1 | f22486fcf3c8af56114b59fa66ea451cc71c928d |
| SHA256 | 5594c6e34d2c48b870cc25cc827d55f41dbdf36a99d90eecdfa9a61b2f3c326c |
| SHA512 | c4c72055eea0850bd8088fd8de4d28ed9a5d89ae2849a4f480d3aa4c56e63e1649b6165fe5a21e48f528d51274ce59f198dff36c6a385f0012396a0f42ed80d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | c98eb618071d6c942fdf0fbfbdbbfa25 |
| SHA1 | 4c5baeaa21334e65cee7a3a06c294a41fe4cf231 |
| SHA256 | f2402c95ac1a94bc57b94aa501d63ff05d52f154236f528719244f15019c95af |
| SHA512 | 984b06b9f6fed0877d957af4b7fcf3ec1fcebe1b5d1103d5294f8704bdc377ffa6393b5df09cf564f18d512cf418aed827a97485a947e13fa16a88d49d8986df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | b4bb17312e0b5b7fbf5c849ce6757e8b |
| SHA1 | 2953ec7f62141788656b3a0d6de5dd016845150f |
| SHA256 | a9417851ffe6f1911c773466ab93d34e8153e5b6649c6d729c3a8d386b610c2c |
| SHA512 | d52dd0c9287653527663d3ec20e6590cfb3eeac1c0a445803216fcbcb5904d55e563a8aa17c6a11809a3f52cc0835b44af0c1ba272d8529d348103de3cac1811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 0b39978f820c5e52201ed96bf0a93bfb |
| SHA1 | 96dbc0bb751e5230487e17fd7ebc07b0df361094 |
| SHA256 | 2402b04e7b77650b2bab870602fe5ea6067bf0a62bd47ed42a2bb37c25a3b303 |
| SHA512 | 7e452d994e0cbccebf01552c84c7b5fe5d34ed5f62e73e8594b1a475adbefdffebceec606597c9962be2fb2d9b9fc9ade204eccbb903fa075450b1f4efa12fde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 30b4c72a19ff340837c08fbecc0d805b |
| SHA1 | d3a63fdf5b2fd0cb3b3d13e32a36e6d4dec28b2a |
| SHA256 | 4ef1e33ca595388d02de0fd843375db706da61ad3cef82c0b2c10bb02067f3f3 |
| SHA512 | 673335127cb5b4f902609769b8d6a238f5c133baabeb1456ff16dfa286f14ea6e51ff5f4469eb55c1afd92e3df3855d92b669a6b880604b108e97b9f136da948 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 74b3aff73f5e1e65d5388b700d6204c7 |
| SHA1 | 2c85c5368680791afbf462782156e638fdabe67a |
| SHA256 | 65e2990f9fd35842f92dabb9063e3a5a7444d19bb3be64736db8ce8191831c2f |
| SHA512 | 74905d07dc719f26b1c0d11fdc52d6c145740d95295e238973d4a142c1a0a123d6fd93a254f043c46202ba879094e3a706cbb8c0a744b3ed51ef1dbc38d56f9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0
| MD5 | 6ceb73c590344b8bc4a89cbc258b6d20 |
| SHA1 | fb229c3160396e6a4ce41a17b98c4c38cd684214 |
| SHA256 | 6fe7fa31099be2d2535b549b438c48dc695a0983845ad3a6e9886055444c4eab |
| SHA512 | 31f2298291e83b00829458a3d64458c19f0accff3dd28626c717e3d00b7e35d5beed210eff918c49f4107dabb05578d4f2bc06096b1b687aabc4f8ec6da958c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3938ceff67088949_0
| MD5 | ca5802d8b2ab18867f1440abb77539e4 |
| SHA1 | cdddd24c018c2a92d2f2be84abae4baff3d86e00 |
| SHA256 | 2c1e36531061534caa5e25b843771e69978cc18e1536507214503a7aad74b128 |
| SHA512 | 3803e9a76308d3ba64d04537bd80df8fb57a12cd5697f2eceefbb372a1ebc85abb8b4f8264b9099781657ed26457de72d9a36c971745b23ac11584b91c18845f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0
| MD5 | 0cd92719220d2d9c8a2be23f0c799cee |
| SHA1 | 3544e6b9fd32c17137a6f199cedc30c900d600e9 |
| SHA256 | 1e318f928539b2c1da4a5e221c9760f49e4c430f086e0db6de96b58fa9da4db5 |
| SHA512 | 24f09376fd6bdd76bfe317915f1f2711b19ca9c5624eb679c6125292d4895b4d2f8caf59e1cc388cbeb390958e1310f5a1de976de7957abdb70a3115f62411bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0
| MD5 | d951649cfe667851664e095bf80d8b27 |
| SHA1 | db7db5e79ba97c3638c6a29147c807bdffd070e7 |
| SHA256 | 6e052406be67a64cc7c1d2c2c78a2c507cf9e84f6ce34a3c21ad750a84302989 |
| SHA512 | 763490be17af450426a1cd5e67995bd3a1e2c4aaee1d65c5daee287be305be1176996597779b2810699495ec9ddc1f9cb79c133d423151e69837af9acf3fe8ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0
| MD5 | ab63284444e0b2f84a8e745e1a10e3cd |
| SHA1 | adf18fda86b8afcae2b6630b9e178816f729afbd |
| SHA256 | a0c479aba856e2196560909a968e68e221f8cb203483d4c44d76d40f27ad3b40 |
| SHA512 | 4895609948849547b06f3b71e1c3bb02415e33922e9e9a51a2f200b5a778f311d3729ccd9da78ba050241606e828b02ebcd458f3fc59057b3cdb3b98fac5722e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa2b2d2ec266008d_0
| MD5 | 910c0d4c95f299c1b2b61869dc930980 |
| SHA1 | 758f0288152486f91a9622e23b1b57163d77b335 |
| SHA256 | 5c4a8cae2d207b29d6094866b16db29cbc2c25434a787fcfe06bd6c875bd1a5e |
| SHA512 | 7ca242748e996cef7bcdd9ae82465c1fe8a6d520adc3b0b887dbe40a1d9e15eafd56e9f4a3c0dec4f61476e8a46c1c35e236b7340b595d8cac23a32704dcd117 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0
| MD5 | 9fe2baf553949f1e51a95bdfb64ab1b6 |
| SHA1 | 70c080a4a0b2a970e1d78b2062d48ece4e0103de |
| SHA256 | 70157a9139e8b91bfaed7c0f1232180605cb8757a72263d6bf17e031b90da550 |
| SHA512 | ff5695317b14e01839e694033014cd5ef3eea279e72b30a14c1fab05a3a6689811fbe25908764a5fa7128dea161e0354521e6a2af344d2ee71439b76da9601df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5c4430c7c3c92854425ac2e0fdadea86 |
| SHA1 | db5ab25f1ecfa981b9d2e612ef83e27273a19e7b |
| SHA256 | 061c3a3b451b5a56606e385780bf28817215a0d568eb00060f0a0bd8f2327580 |
| SHA512 | 969142fd7180c0ad12d39df4e2c5b555fdb0b41057f7d33bc2b87ca95805b5c8079c1da570219db72b609acf2d4eed785f7f50a851fd75c7be9a508e1ddd5381 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 001dc3797808f411076af979f0690f72 |
| SHA1 | a9507e3e3bb30cf635619dfb3cc0ab66660e5f5c |
| SHA256 | 32ddbc53d075993b8e485c11b1fb2e9b9a1ca9f2112774d69956a8c4e577c8c2 |
| SHA512 | ad4e4019827c8e1670c37891a155c20dfeecd8f06b7460494f78ff1222326d532a66491ee0d0101b27a5813fddfe43cfde39c0b01e3acd01ec42f3f92340d169 |
memory/1484-626-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 0b8c363f3bf927b8159593f337abd864 |
| SHA1 | cfa20c2fad87ebdfb2b9badf7e6246e1a1bfc679 |
| SHA256 | 2876ec62df2cf8c044e42585738c3818a219542e4066398bcafab407376a29eb |
| SHA512 | efb49a27e1ae1956844ca74944e693c7489f3fbe2ef84ae3b16c414d7d37f1ecc0c63e2511ac7e02d4dbdc6cc78e27f01d1a3d19c41b11bcf40533e78a5f8db3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 2bb59e1de2f38815431b689166066669 |
| SHA1 | f650be8ce2afc32e8be5dc45c91e5f95df3faa86 |
| SHA256 | 910d906f9b74428b057de12d2bada3ad3f88ea46ecdc2a41169da81a71a41f4e |
| SHA512 | 1f256d700a5ea1921e5da26c59415cb635cefbfd99adadb6bb7c20e62ada09ce6279d42d6fffbe07e4a660b8187069f9848791af27963531e3ada2a25aa0f3ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69e7f6e7355f3f5f5995e0e4eba0c08c |
| SHA1 | c1c52ee2f31f959ffb709ab955dcf2c47ba191cd |
| SHA256 | f9263cca33b058be94378ec47aab92eef0b05f1b979c3e0578dc59d2712f6b6f |
| SHA512 | 65a7d9af6e7137d10652c624b65315986e147a25a52769bf747147b45a0c3f2b44d304b2cf8d5f3e2749484176e1edfc3bc3290fc1f564d8ea3a73b82d7f4b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 1274384b5c36e4db9721d4567f92910f |
| SHA1 | f23ad6e7fdda7400279fdee921714617e24cc054 |
| SHA256 | e8fa079c70a1cca3c78eea7a506754f56315cb597eb51ed430ecbb1f4f6aa920 |
| SHA512 | 131a435f7ccb7004e79f9585c5b9f5995bd2bfb88fbd343633e4d72de242e75fbc5ec57f51a2a655c35c9499fb6fb6f608157d2301ade61ed1f749da687af130 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 504092b351ace41b9d544539a2187aaf |
| SHA1 | 7b1761172be370839d7f857b3baa49d071bffa7a |
| SHA256 | ec74596dda7eca33470a1591b958cf52cd129bc2b5d7a49c7cd84c38b5018c90 |
| SHA512 | db1cae615b25ec513fb2fcde190eb73e8d06c90114bf74cb2f4a9ad63703a237624754ad251160a10e6cd4f798abac8c5c9d8f11795e9c6ed1c29196c4c16058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | dee46781c0389eada0ac9faa177539b6 |
| SHA1 | d7641e3d25ac7ac66c2ea72ac7df77b242c909d3 |
| SHA256 | 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642 |
| SHA512 | 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 2abd079be1223e68fdd6f520afe8fab7 |
| SHA1 | 0f52ef825e632aa99b80724e2fc419fe1413ff39 |
| SHA256 | fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75 |
| SHA512 | 41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70 |