Analysis Overview
Threat Level: Likely malicious
The file http://waveexecutor.io was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:30
Reported
2024-11-09 22:32
Platform
win10v2004-20241007-en
Max time kernel
69s
Max time network
80s
Command Line
Signatures
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://waveexecutor.io
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9118846f8,0x7ff911884708,0x7ff911884718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9158306186263306615,13076839170250127173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | waveexecutor.io | udp |
| US | 172.67.167.94:80 | waveexecutor.io | tcp |
| US | 172.67.167.94:80 | waveexecutor.io | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.167.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 172.67.167.94:443 | waveexecutor.io | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | magictag.digislots.in | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 8.8.8.8:53 | i2.wp.com | udp |
| GB | 91.108.103.37:443 | magictag.digislots.in | tcp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 192.0.77.2:443 | i2.wp.com | tcp |
| US | 192.0.77.2:443 | i2.wp.com | tcp |
| US | 192.0.77.2:443 | i2.wp.com | tcp |
| US | 192.0.77.2:443 | i2.wp.com | tcp |
| US | 192.0.77.2:443 | i2.wp.com | tcp |
| GB | 79.127.237.132:443 | images.dmca.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | magic-shield.digislots.in | udp |
| GB | 185.77.97.2:443 | magic-shield.digislots.in | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.103.108.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 172.217.16.226:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | d9eefba2d880bb9729f2cda79836c5a9.safeframe.googlesyndication.com | udp |
| GB | 216.58.213.1:443 | d9eefba2d880bb9729f2cda79836c5a9.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 11a94ad743a33e37e245215c66199437.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| GB | 142.250.178.14:443 | translate.google.com | tcp |
| NL | 18.239.18.117:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.19.208.227:443 | cdn.otnolatrnup.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 172.217.169.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 34.211.179.126:443 | api.amplitude.com | tcp |
| GB | 142.250.178.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 66.102.1.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.208.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| IE | 52.31.95.82:443 | ad.crwdcntrl.net | tcp |
| IE | 54.170.33.189:443 | ad.crwdcntrl.net | tcp |
| NL | 18.239.18.33:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.179.211.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.95.31.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.18.239.18.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 189.33.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.239.18.in-addr.arpa | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 18.165.154.87:443 | cdn.prod.uidapi.com | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| IE | 54.154.69.158:443 | ap.lijit.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 18.239.50.3:443 | hb.yellowblue.io | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| FR | 163.5.194.30:443 | prebid.a-mo.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.154.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.69.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f142b82d068cd743791adf0f57080a77.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 185.235.87.162:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.88:443 | gem.gbc.criteo.com | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download2283.mediafire.com | udp |
| US | 199.91.155.24:443 | download2283.mediafire.com | tcp |
| US | 199.91.155.24:443 | download2283.mediafire.com | tcp |
| US | 8.8.8.8:53 | 162.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.87.235.185.in-addr.arpa | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| NL | 13.227.219.97:443 | check.analytics.rlcdn.com | tcp |
| US | 104.18.159.164:80 | otnolatrnup.com | tcp |
| US | 104.18.159.164:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 24.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.159.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 54.230.10.104:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 172.67.141.135:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 35.156.1.158:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.201.110:443 | www.googleoptimize.com | tcp |
| GB | 104.123.95.139:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 104.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.1.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.95.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 172.217.169.10:443 | translate-pa.googleapis.com | udp |
| DE | 35.156.1.158:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_3076_SYEIDZPDHBANCOWB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c033f731f23217ae9a0c06a421b11da |
| SHA1 | 31f93f57d32d7d94c416cf7551fb461a4605ebe1 |
| SHA256 | bef71655aedc00b07ea39f9b8cd7c33f0fd848a6b50e882dfd6bf0f8b43b49c6 |
| SHA512 | e34310e44f1b62a4c48951728f936b6d759a6c17fa3277d1cd5725dd78a4a56d1c0bb68fd00e12a5671890c6ff1fbfc8510f145986cc8ad922bb30de0d9a8c65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | b32379de795dd8509296ba4618531b9e |
| SHA1 | f88b439a31f9d6cc16ea2d81d404973318707109 |
| SHA256 | 76a15b211232edb36a9384455e44a1394dc0628f854e2f240bdab2120d982dd3 |
| SHA512 | 5c2520c12ec23ecb38637d49dac2eea40a208ce7c3c239ad899f8af3ee856f655b1fc46879ef4990f9bc6aa1ecdddd7e7fabd95f885dbf0e086c5d07f4265d39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 0fb8040d00480b9a2ba2044904c5fcc8 |
| SHA1 | 38504d896ebcc9e38e5981b1a542aec2160edfdb |
| SHA256 | 8bfbe4ac74793211f7b8b49c65fb033774beeb51950110b7e66ec0d3c9f319ae |
| SHA512 | b786482758a38710cce38f27e8616af1ae8cdacad71cd7b99e2a39c55d7cf9e014659286c66e7ebc5b2b84d83f18be36a506dee3da363a752a5ec25c03ebafa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a760fd1a701be44b10b09d3038fa2020 |
| SHA1 | 647fdda339446eaddca5c01b2682e7b1cc53478d |
| SHA256 | 8aa04a9d60e700ce5f66239d4fcd9ec97e6a8e7b64e40d31c1c1914cd1132beb |
| SHA512 | c4e51a4e249fd84b85f15e81916ad0e655b51a708d6d539916269f567b99127fd308fcec3ef1236faecadabdf96d831790086ac65d3918ac2d321310e063d946 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9fd663359a27a6f8ab9e00df7e02a09d |
| SHA1 | 3144d747db0fe5a7b95d91de51458273165e7087 |
| SHA256 | 401bde98eda1b8154dc60ecad15fa0be4b942f5d98025edc734bc800e9184054 |
| SHA512 | 42fdd92d3288b236bf63e6987bdd8acca46f396105b40f0a7251c1cd99867abde702bc93a5f59eede8f3468878b54aea6c5bbc4400325b5326f80fa27b517a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 429b3ba7998e92f6751be8cb25ede098 |
| SHA1 | 8c31992d3f28264b6d18fa65acc7dd1301edabdf |
| SHA256 | de917bca796f4f60acb7611ca6ca85d151b2e6f15df0911c6203edd8eb7958fc |
| SHA512 | 7f8c41df0bde1c22b87c74ac3b35b7447c1a956a0ba3dc9e5034dcd8cb5586ce43ec4b9af0b82db63fa6f995bc0ee27c2568eb72796a83d0c98abf75aff10ccd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | ef8b09f2df1c04901dfd8f5e5f326633 |
| SHA1 | 57c877f6c01f8f41aafd8a0e4b5a7444e3890d02 |
| SHA256 | f3e517f718fdbfc155538067dd9550d19f9ca91fea4ae69330a5f2c638964bcf |
| SHA512 | c0334d4906be1620c68f9b6e74d5235d4bfec252582b6f00430ef5b8e484867848c7ccaad269d2e14adc35d603d3b6d028ddb6c2a2b98b2032c937b7d67dde6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 49760e0b6bd7d05f4ff2327d1fe99c6c |
| SHA1 | 8a3844104afde1320696e1fd18fc497b02e4d4b6 |
| SHA256 | 5329d774686bc44bb512314254e377b584ece426e6770460825b1ce40b8480cc |
| SHA512 | 78bc8304a35e144250c23ea3695e6b95e2d71a401e346def0440877388d4dca2ece9996087a92377aaa16f65f9daf2e61e169919feb3a9ebe9ec50430b6518db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d88e1cb4863c464d55cb91261b5b1b29 |
| SHA1 | a5db796c618dd6aa74c9fd766648e34fbeb987fe |
| SHA256 | 5130424f5744aea0ec6f94bd179f9c346e5e29cc70b5e85bba34e9bedd03595c |
| SHA512 | d4f46e1b17e61544dbb0c10ea6dcde7c154707710b8d0dabcc8a4293f1ccdd3974a7b71fffebce854580d6074d762cdb27912ca4e2201d78bc18f34e63de6dd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c56.TMP
| MD5 | c5102684686e8561772fcfe0d8c9d60c |
| SHA1 | 93ac1d87ad7377262357bd2456e39ad52e6f7e30 |
| SHA256 | 888ac1ab9a8f6d1df5a39ecca8765b8bd376b73fc7c44d3b5f39c1558244ee91 |
| SHA512 | 19206890a063796a95fcd41b380cd42256551420d914806e200fb523eb593259fe13e315f13a9ee7e85a59b412431ef94ac9f0dd51437dabcfd698caa7414724 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9fbbda90cba3be7e840ea84125420929 |
| SHA1 | fb31ea7276f4735b8eb8bdeafab8091785a50dd1 |
| SHA256 | e621e03b279df3065622c069b05c35644f8f63c191838b025f55a519e61499ca |
| SHA512 | 639d94cee91a601ea6e64df6381fd8ba72b831cfb38468329e8b38dc01d98af4d6d586fec30e7f26441b9d68403660a8b3f4c47120b3bb7f93cecb91ba13545d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 2abd079be1223e68fdd6f520afe8fab7 |
| SHA1 | 0f52ef825e632aa99b80724e2fc419fe1413ff39 |
| SHA256 | fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75 |
| SHA512 | 41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | dee46781c0389eada0ac9faa177539b6 |
| SHA1 | d7641e3d25ac7ac66c2ea72ac7df77b242c909d3 |
| SHA256 | 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642 |
| SHA512 | 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 931302af96de9740cce133eb0cc01451 |
| SHA1 | 3ab3cf928950655fd28e6932da220804752a273c |
| SHA256 | ea560920f6b2b006efbab84d042fd3c7971df0c0277bbf3251dfa267b40c24ce |
| SHA512 | fbbc7e581faabffbb3f9faac2b7037f161e026c19744ed11f30b091fd89fe18c6274f1a427ac7d94eee5c91640da7a5ab1408c374b7f342be145ab4c05462c5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 806db0e3d4a4a3a574f448be2f6cf518 |
| SHA1 | a7a5355f1942b565da0a1980449ca8d2769a51ca |
| SHA256 | c1d41ce426d6919f39025a06f257aed28ddd91435da7236cc7de3b59c385ed88 |
| SHA512 | dfe1fbc43cdd32815be2441b2f23a8cd9fe6859ae55a905de89bce2f38cfe9fe83e120e10cb70d8a3d2d90976cc51877e94defd753a05ec7d67fa41c6fcd2ade |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 180cce25e4c27bdbc4d41d4ce6b972e1 |
| SHA1 | 96d55eafdd457e9a85b350e4c7344cf1036b1bf9 |
| SHA256 | 5bdbbfedfc1598bf5e75eb5718e687cfe34d5d6da56591f9855cdf039c1ca84e |
| SHA512 | 8ca4626f4d77aa528b0c894fe7ff783a45758590c0e6122d2e89b01e1a1b29a9cf06f29814837c311ded657fe7e8d6eedbb42c0cc7f5ae13392b23ba74badd44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4bb94acb520584b9e1f4f40371c25c08 |
| SHA1 | 94f2066780a613ca7708bf57cee8996585b8f9d5 |
| SHA256 | d3b3cd39e08a75b508a85abc574ab3452301e4089ad9b718a3258d7ae7cbb9ca |
| SHA512 | 28f0fd6b7d75ddd2fbf7d7b180f57c968fb913326d4483cdc51a3980336de730ac6e84318aebfa1c7ec45e4319dc136f470e19ccd624bc3351a6a2bbb2cb0994 |