Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software was found to be: Known bad.
Malicious Activity Summary
Meduza Stealer payload
Meduza family
Meduza
A potential corporate email address has been identified in the URL: [email protected]
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Drops file in System32 directory
Suspicious use of SetThreadContext
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Event Triggered Execution: Netsh Helper DLL
Gathers network information
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
outlook_win_path
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
outlook_office_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:46
Reported
2024-11-09 11:56
Platform
win10v2004-20241007-en
Max time kernel
570s
Max time network
601s
Command Line
Signatures
Meduza
Meduza Stealer payload
Meduza family
A potential corporate email address has been identified in the URL: [email protected]
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\SRU\SRU.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUtmp.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050598569-1597076380-177084960-1000_UserData.bin | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-4050598569-1597076380-177084960-1000_StartupInfo3.xml | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5920 set thread context of 5552 | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe |
| PID 2316 set thread context of 5760 | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe |
| PID 4864 set thread context of 1512 | N/A | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe |
| PID 3128 set thread context of 1288 | N/A | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4200 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\ReadMe.txt
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0e6efae6h0358h46a6h91c0h52edf79dced4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\README.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
C:\Windows\system32\msdt.exe
-modal "262818" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp" -ep "NetworkDiagnosticsWeb"
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
C:\Windows\system32\ipconfig.exe
"C:\Windows\system32\ipconfig.exe" /all
C:\Windows\system32\ROUTE.EXE
"C:\Windows\system32\ROUTE.EXE" print
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\ReadMe.txt
Network
Files
| SHA256 | 3f2d91c1505ca6e2eef2a3d5463b64fd5bc018540edd6880a765379b53462e51 |
| SHA512 | 91179c7dda1e9097757179f7cea5b4da3cbda073bdb8d168be48e5c8bf1c1dc41124ab68b1d9583f8646aac140a2fd5bec443a2342527d1d12a1307e31b0a9e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f4b2118ec663abc395de0cf8855d17f |
| SHA1 | ccab0fc218a34ba972befe090066eb0380e346b1 |
| SHA256 | 883ea7a9cf503ffb6dbed841368815fbaf6e12c82924cd74dbd507589d14e018 |
| SHA512 | b95fcc10e8008aab53c4a767afb1738dd06c455df3a5dc491136e67b7e01a73e33ad83f9cd87aebffca8b21b9216b08d042ba18ff07fbb50b98e692c248dec38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea1304041d7ae3733deedd5901074457 |
| SHA1 | 0b4104e0beda78a182adc894c29c564fefcb05e9 |
| SHA256 | f4c42a4b974cb6f2881b384fc977f6f97ad6d78556270934d513da0691a8540f |
| SHA512 | 4a932c8a4a45adbbc4aa4ab87626a95a775b89dab65d910e1240330fe8faea7fbc40fcb4e9b6b0b81618e123e541a1c2bda96b23e80b35b2c972983021be3a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7ef3b041c35c8200f9f7b4551b48caa5 |
| SHA1 | 7c9014880c6607d7fffe721b6786b6198e567043 |
| SHA256 | aaabd36c0d0704c5561ef632293a59084c2eb999018d464b300e6e13fc7a9718 |
| SHA512 | 3b5729d344e5beb73b01f5c661a312c69faedbdfdc266fc7b15d7f90357f026315d412bf8a936b2f8b64a5302bbf8c4133bd0150818358a503644238790b9534 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d4107ff19d8700ad62f581e3e6f5220 |
| SHA1 | 131a63828259f2ec286aed3d6902337dbb5ed293 |
| SHA256 | 9ea1f05e9d6c5cea540c13dad249bf30a5ac19085cc6b458dce80e63ff836657 |
| SHA512 | d6e2b80c8f67211cdc67e710db2833752ef49d7931df15cd1f4bec597b5da59c1fd8db46113ad91350e7c494db7540fca7772395a04a01d4a54e299da00115c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5754cb30d7cdc29d05efbfef51d9071 |
| SHA1 | d9fc281a44ec888b5823d5cf2c755d2594cb5b16 |
| SHA256 | 3e3836d4f13a91a4b530576b33bcaee1ded85dffe1d68b1e58a2d2f079e58581 |
| SHA512 | c9b3c4b99c0b63e7586442e292f7c89a5d3e4745ab100b953ca5f6e1f398bb8ec2c069c39e0a72b5d4aed4c70d2cd4dc4a1b0ce1b47965115a5abf0b48b182ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3da838ccc710d72f16abe788e4d7ade9 |
| SHA1 | a4b67206078863f7a4ac6eb7da62fa55d2ae9ecc |
| SHA256 | 0b0ebca3d00655b1c43ffc3c004b3463547801d7839e3dc57cca64622329e2a5 |
| SHA512 | 79dc74850e153e0bae5ae7c91f5814cfbe231fdfc408e82e311b11c34f9a3b22501e8912973ce1fdc95264f9d0bcc36d936dc2770f6b372969ff9dc87c62c0f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ace8891be2fb1b7_0
| MD5 | 8bf545a833a0a80b3cccfeb2d4911350 |
| SHA1 | f11cda8c22f2ee88150860286d26f1e81c688200 |
| SHA256 | c4f286f041f7188683400ff05038cae4b599d3bfedd66724c875fd6776e2f0be |
| SHA512 | 4d944af5112ea38882fc42b31c7218bf8077d5bb31b5e82dd324435d0854d1cdb88bbd1490042e494595dace09517b51de7deba2670167f2c6e8fe42d6c701e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd7d1bd103899406_0
| MD5 | c1acf9df0c7a7a152bfaa0b0ab27f6a7 |
| SHA1 | 309cc63009934dc0eb2ac518a1d810afdbb122d2 |
| SHA256 | c43a591826f6471aefbd2dabc577ceab12146c6190baaf39e4bc76d71c5238ca |
| SHA512 | f4d2e48177ca83a7073eceb135ae27159ef93c6db1b55a944629b7281df80ef121dc300bf37141ee009994f94089fd03f654a29a947704ccc81a0e15d9807bd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a6d1963d9316db9_0
| MD5 | 9f435723e492069f5b87b763bebdc7fe |
| SHA1 | 962ff7ea99448aef36f633b5b479c0d2c1207903 |
| SHA256 | c052502f8449d6c0ef4ecb6efceae73bcc20903d7d4d9053048794dfc2f37987 |
| SHA512 | cb80d2677fea09d28c218e3024e4fbd9b2e7ea7b0dcb7d2bba4b0ebf3d4545e8505532fdf58514800fd765dd86f196079ff7a6ef49c23f041db208ca26a004fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9501205598d9a506_0
| MD5 | 15c82a210cb57ed18e90bf93822f45d8 |
| SHA1 | 8abe20b30324b5eca2ca1886a7023219f25636c7 |
| SHA256 | a04b2eb3ec561f327d905c7481d6ffb55e76a00f1f91bb141ead423f036afebd |
| SHA512 | 4c34e094a0350e23cd6cf2a7dfe524c536345e52b3efe76c2acd5c088d92b2cfdec2336c96c14088703c9349ba79bc3774dd86d1b52ca220ff7620f418ed9592 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1ca9dd9ff6a95e_0
| MD5 | a73807272e4abb1fc3c9a3773480723d |
| SHA1 | 5b1b8b45a0acc974de27f88d356554cbcdba4181 |
| SHA256 | 2b27699fd9281bd71bd5ea9b1d8bd7312842604b20525e00304c5e6eedab0f76 |
| SHA512 | 0573d01c8b5986685da27aabc61d803a516a0dd3c895767e85dfd2bb6c88b4193af7b2d9da0b31dd7c573878506ccba8fabb4a3b02a0ecacaf2711d29bbfe572 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a77328c44022353_0
| MD5 | b726749a23ca330d867a29498d15dc23 |
| SHA1 | 47071cd6f58696c402b2ee2409b1ef7fddd48608 |
| SHA256 | e172043a9293965a70d456b442c331c70f1c6263b9d3244477c77887ce08af13 |
| SHA512 | ab483467edbf62ef749d869c54335357c0dbdc140e245bdd1f03b36282332d0f16e1f9a82c2d621ceea97e25d83bbcf99fdec7a53cf1776328341ed3db135f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac29195a901ecf92_0
| MD5 | caf21b302722d08ccce647d14b528993 |
| SHA1 | 724563af5f55f71c3d4bbc993f8734d2d27c954b |
| SHA256 | 1658b47a8e9099cc9b9c70593a171bd866dbedf1d80894b2ddaac364fd471bbf |
| SHA512 | 2914a2143dba3e70d13f79e889ecbe0de2cc42594efccc6fd85abe13f360c863795553205843a1e7d95692e01173ea496b804813acf42dcb3915a11df9d81d23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 22a821e3cfc56b676fc5b557b483bd7d |
| SHA1 | a789658637ef4f96ee3e9078b13db8959f03b128 |
| SHA256 | 5d33cb1d972d36341d2ab371b59d9f67a733ef8b6e374d38c621e463c7e8dcf4 |
| SHA512 | 51584226c3d01522465ee468c18e54693c6bbef41b8ec993d1123cc5d72d561ceaf5f3180c2fd365118f2773ac856874ff5367bbec2d8c9995536be4ba9c6b1b |
memory/5552-664-0x0000000140000000-0x000000014013E000-memory.dmp
memory/5552-665-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2eb96dd0eb3e86d926753442c2d09303 |
| SHA1 | b1af60915c28632ffd9cda5995a5c5448e84c399 |
| SHA256 | d83d828f26cba3679013d7dc3422d4ab12ec768db02ae7889a73f5d6e6cdfadd |
| SHA512 | 60ec55cb123e19f3ec46f68091927b0ffecc43345ff16a8e15cc019449fe1efd8f6eadea6a157d753d322c0a4cfcc325f90aeea298bc94ee42919b26d644ba2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 9216fccbeae96addd7b1b8c15af46d96 |
| SHA1 | 24cb627e2662e7212b64d0daa11f462632464b31 |
| SHA256 | cf279e33640e6a19a880cd1652275e012f5aa63ecdadedecbc8fdcb2f36b71f0 |
| SHA512 | 9d44c3b0d243b6044069fddb288c0223d695b07a2cce7550ebdb2ddaae136a3097fd426b9fb1d1cd75e867b4a2981585d7c07d9ab86d464067889cde1d05894b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 24f384ee01c00f87fa2a42288df4a7c6 |
| SHA1 | 74e7af9ae7d37b02584edb679ed673bb1086f132 |
| SHA256 | 76373e0b8e1079e0b8f8237037da6fa9a67a341c76ff86817f5597568c07e32c |
| SHA512 | 99a13a7a57991565f0b8e8fade07d042dbededbbc24c0e229404870f66bf0a5d9c93d278eb41280af16563f43a0793779f9895a4d6bd5ec8b5c78d1629447b0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 1cb107e3e2a02978932507dcebb303ab |
| SHA1 | d229575b8bfc959c0ca4d4700f247b9ac4fad63f |
| SHA256 | eb1e885e77f4abb68f638f78e68bf2c15af1d8bf91a6de9414b147f9118cdc2c |
| SHA512 | ef65e4538e0149cdff7496b41e660a1c2843d0d575fcda0d8194924e57a8570b71acf6840a67119b2d5af6f74b8660b5b638d336ae3ddcfb978d211674206e23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 43dcbc5ce0b072ad0a09803591a02f94 |
| SHA1 | eb4d75ffa1dbe57c7e14b7e173e991c84fe4696e |
| SHA256 | eb474b31e0cf2fbff5d59e56dabfa20166b5d0bb603c26f7623f1f0ef1147e79 |
| SHA512 | a16e99403fc3d128e9eda63d14c2358f8a79ddf97bea27ac02b6335d1db642e6917a5f9aa9e811843cb2e1f447ee4a71f3773b1ede90f0f822b78af81be4c39d |
memory/5760-678-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | fc18148e7552473bcf27ffddf6224eff |
| SHA1 | b00fde63f752fba6609fa8062a4ee9954b35f81f |
| SHA256 | e2052fb9795f491f1c0db173fb7deb7a0e857478ce34f541ee5b8dd06fa86d90 |
| SHA512 | eea7fb613676fc8444324b5c6f045f1940bac50bcb761f7c6a9afd59347a9ecf0bf039b5816bfc5c51fb2acb37b39efe5e9e5dcfb6a20b017853727a9b83b02f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | f810cbd7a6a3bd76505189595423c5ac |
| SHA1 | a2dddee28fb6b499a5bdc5e31bd66fd81cd602fd |
| SHA256 | bd9f3e083100cff76872aabc5a3852332170c37e96923881cc246e0d0e4a3416 |
| SHA512 | 92d0386b06c71d25c285c647039ecb5bf0507786bfa6e561f8698ce2f962817663c405915eda311827972ca41b6a7ae705aaeda6de1ce06ca888d23fc2d95793 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 4782f6d9df9713f317f184eac0ddc907 |
| SHA1 | 0938fcfe87eead9ac17868872636af66c30228d3 |
| SHA256 | 8f2518173641c2515d1098fd4b7fa6f59bfcdd6193fc20e12bf931a33d06bb45 |
| SHA512 | 359a376cee044e49f0d44d342d5bd1d39f20adefd6f72b6dd66995e8657964b10d6404fe5395996ef6a41a5ec55474301cba830d42d4448ffdb6e785947cfbfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 138e79ded4c7d0cf47f6284d71a8cc20 |
| SHA1 | dc7ff67a99d7a71f7e6f15799967aac60e70be0e |
| SHA256 | f7a7c3a7a95fcff6c43b1d5c845cde2b6a116ea4b9a018d06bbd498ada8e3c7a |
| SHA512 | 8370ce5acf5494c21516f97ab49ff82bd7252c8a93f4ce684e732eb4c85c0fc4a3b417542c9f2f1fd24e420ea419b59d3b2bfe87bca2ef64a4d0f29898fcd4a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d47e661791b1d5624b68d6de765e3200 |
| SHA1 | db25243f419296821ce0f593a913d04b44ca6332 |
| SHA256 | 0d84165c6528622a3f9307e0187b6f35f41a2462d4958347d1f178b9c3595190 |
| SHA512 | 7cd992978c38b53fbf49789b33c26e5ab58bf0c8d12f5c9981a4bcef8a032d53e2d7b5267109cad79d23563524844631dad2ae886ae3f3dcfc65d06b5a989bfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce9d8c57d631a0d661b3761faea32b79 |
| SHA1 | daceb8c35bfbf5cb36b08b148064c360adf3026e |
| SHA256 | 83e5a05a19d72d2b7c07b164d9cb72bc2ceebf36b80fe1940ac649ef6e5ca4e0 |
| SHA512 | 70616f6549d3f5443485d977836c561cd2dba110f99f11ce7bde96bb5fd5e52a22ec94b238f9ab0d51a1953cd7d90dcda6d15b070465975bd38430f6574b6faa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c309031a56ecca66eb7b99d3b909c4e5 |
| SHA1 | 93ad75552a914f7e9931155bbc02d27ff57d5c3a |
| SHA256 | d9f4d1efeb8ad80cca7a15c6bcb614710301e66531644303370cec5e88928263 |
| SHA512 | 45a11f2319f49b4fbc9abd3c45ead7e8d8876f54bff35925ac28532f043e63d7da15846c5eb9dc2bfe46436a738934b486a685e28887030a764a4aa078d490b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dab61c2630467edbb7e4239017e241a3 |
| SHA1 | 0342abd94145a8b32e567d9546a1e8f09d1ef972 |
| SHA256 | 38b66f7ce3b4608898d600b6367f911a4b9c6bdb02b4997cbf4088a939dc4710 |
| SHA512 | c2338c9ca6f6913d461948ad367ca1a3cbd18ea670a34b27b4fc3f95a8d0b36ebfeb15c478adce2aba43149205f6adbd06faea4696f36ac3271f2c526bae19b2 |
memory/1512-778-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 52fccf8f07c5031b53b8a2f0a1351ba5 |
| SHA1 | d794cdac43df0ff0eb54e70f561ec2b46f6a5310 |
| SHA256 | 9d6ab386da7c77a3decf275dffcba71df2b9f9b1798d92f50c6bcdbfa1de621d |
| SHA512 | a0bd565cdb558becec8aea9b8e901ddf2b050936df978f6b25398d08cf6fa269852a6d7a972bf1a6c8e2d597b55eea731eae98a142be4f2c12e6d7ad28915ede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 78cc65632e74f69968f26bbcf60f56ea |
| SHA1 | 952258f43a1c0dacdb1e2704f0bda04b283a46e1 |
| SHA256 | b088ac9ed758ea9fc81f3dbcaa5a103acf0f52839b72782bb8f5f265bcc7aa08 |
| SHA512 | 2e2bfd85a4d2fe93b1545124312c7c0242c1aefa7359f22ab967495dd7353968f5b31d977308715e713db7c97eed895f7103d4309a3cc3868aff6c5770f87211 |
memory/524-791-0x0000016B1DB30000-0x0000016B1DB31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bc74ce056acc7db7133ee57e8b5f7b43 |
| SHA1 | e2f174981bdfde7420df08362dee1a863b7a1431 |
| SHA256 | 9950083cb81adfe67ef394da0d15a2cdbe1b34ac1dff5ad013db0c2e1449a774 |
| SHA512 | ca02d1d9d0d9c16d502ba427ed5d6139e608f0635baecfd64dc838956b8e5acc176b07b895d7da9c883dc89549745d18ca32ea034cb48dd1d3359c3af2e2263a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3a4ccc08151cffb06ca2919b7450b427 |
| SHA1 | d9c647f61e03cf201fb9bca2d8e7ef24f0593259 |
| SHA256 | 0187fbf12d2dc3685cc0d42a829e64e43610a44649c7d1b2cfbb806a952319f5 |
| SHA512 | d4d7621781a4749a84dd63a30e5e8ea444b8c7143e3e30e8f5e3b70bf2dae3b89a134f927192b4675c09a27c45c554e2fc349da878418b481938d39ad34a3228 |
memory/1276-821-0x0000024BE4260000-0x0000024BE4261000-memory.dmp
memory/1288-823-0x0000000140000000-0x000000014013E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6bb55b28ca38035fc3a3d1190ec08a72 |
| SHA1 | e8705958f6c3b8a01a21cdcfdab4d552f0355756 |
| SHA256 | dff04a9630fd310ee9d66b4671b1b83c6cb40bdbc154760ebecb3d89fdeadae7 |
| SHA512 | 73e0d4b90c3a800147088604248c715d3cb7bf7f27add1cbab7a8c8559a5e12d2fe631d414d8f19948ec3a67d8c66279389829f3dd516b86d351d7f300b65c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4d63cb336632c0a3997a59af7226af6 |
| SHA1 | ca01c78b9c6cd5154b29beecc2ca271f139695ca |
| SHA256 | 62bb627493bdfd499a1b60c1c76fd9e90f26039956a36b8dab26d4747a70cb7e |
| SHA512 | 7167fcbbcd0b59021868b382ea653f001e250eba3fbdbcd8e01363579b835954ccb7cb866ef96894a0d238c68b0f717da9dcb51123c20e9fc14b6c91b31c08fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c6974bcf6eda558ed06e7b37af41f6e5 |
| SHA1 | 37ea8e0dcca3bc15a0205a82ae6538270ca9bb43 |
| SHA256 | a30728377962e289338b7d5cbaf68c6f0c18f4209a331b752de1cdaa15154900 |
| SHA512 | ab58a40e6e46169fb3e1b88522eb1be84d9ead9c5de188df20f8e1b140ea0ac2be568a30c76ada48ba13971d4e1b2e860a6b7c92e7e6eb40606f8659cde7da88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6615a71dbb62391b9bb22901f17e2138 |
| SHA1 | 719455ef7777df2a69921773487aeea98fd8d722 |
| SHA256 | bd2554b4028abd2bcc95c26da8c82442a96e55eed0559385d686c8bbafc143c8 |
| SHA512 | 6e172f9742fdafda567440ca574aa0e2d85d2ffa2a6652c36d9b220b40fb5039e3ee4308075a7a0ef73357d7ea63cd27f9726fc43277f6a8b453aeade4916408 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fb4df48d4c6f902a48234263720e948c |
| SHA1 | 5cd5bb085e2261db28e6586527f0320251e76627 |
| SHA256 | 0fddfd25168e54c85db05d5e77d3a457e3d25c86e14b1e53483bd9388c6314ab |
| SHA512 | 473be6d9964dc3f5c26cd63475c0ec52164f3788bc33b946fb2ffa46ea45dfc8956db4de1097d4c48d119faa89623085a73065bda72b683dc3fe04eab5afe235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 637495d5a662f5c9a0bad222186c9ce2 |
| SHA1 | 05e627ee5657cee8f0d3f7cbcc1da2c37ff3e685 |
| SHA256 | 7ffe24788f3dbefec1447df58e49e171283a1c85aa87c37d4df06eff0d0ec71c |
| SHA512 | 54d9094a8c7e89483a744bc71ee7d5d9538478ff8e6f9c8f2c09106d35c0897bb89a765aafed3e032ea4cf6eaa654b3f0df5fb87fcf485168267d5b66e35f069 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f09768a27ff18bd909a974400ac145a |
| SHA1 | cc5fe6e22ae6195ed8616c9b8b80c3700a99c286 |
| SHA256 | 413f74b02952a76f015beaff2776221a31ea03d34e73eb393f5109310d052dba |
| SHA512 | e8c0e2ded39e15f9c6f624b7fcd57ac0245cde5894765ac434d8279f923cece23357b197aed8dd3a2d9f4c6b437b374a8dd39494f001535818cd8a2ff5284be1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5e5f75f77cf932f48bd6e253cdf3075 |
| SHA1 | ccdcb688389ee621527f53c767acd37f4c2008d0 |
| SHA256 | 1bfe6ceb13703cb7b5e07871cd0e52ccb9e14b2e4ce00fc63f24ff2601698dec |
| SHA512 | 506ec380ad060aa83aa36d18b33c2ab4fcf1a636cd94bd7ce1eec7ea4f7b1f0e3c5e39cb1bc126275d928205c1ef426ae82c77d67aebeeee24bac4eace206c81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02ef47d67c198b8f6565c10d51954fe9 |
| SHA1 | 18b0cff4431b060dd419565378b41a1cdb08bfbb |
| SHA256 | 4ef097df39a49163f7d6d9cd7ee8f406d88bc8ed12d69979cb1ede02e7a36eac |
| SHA512 | 2387181d34c791897cb72a6fee5b1dfc5f1ac8f6fb572f4eee33b062df6ad5f92fe5a722e1b0fbed541c7f5032aeb1406f963c5ef9e75d00f24175c25d090a70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da7590a6f8336d91e5c5587dfcad8079 |
| SHA1 | 14357808b18a1c7a0de58771e84549f343e49701 |
| SHA256 | 7598f6e12239ce26d67a7a62fa990dbcb0295d5d869b296e659206df9cde3067 |
| SHA512 | fa3267cc450193dded11524a81ddc792db7514f48b39b8667f731af873f4a3aa9723d731abce8ea48c5ff1c10562fc11cdb2df9022fd6bba14c5e1e0aa8c0f2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c93b2b16c0e20bbe400b884c90cbd891 |
| SHA1 | 33693650a7afe61761c3930ee29ed421113de5bc |
| SHA256 | 5b10eabaaba6636b79ec0bf5d5819d1fea4f4a662215901ca121f486e45a493e |
| SHA512 | 1dcd7b604bd77e353821ef99e014920bb4f94052aece47c412511ebd2841dac5ee78605bc78898973aa6850480d61460d449e237b8f6bde9be6fa56b3e13f1bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c6a8d97d6f62dad1adea1f18407c824 |
| SHA1 | 45d65f80597c44da851e6d1a782ec58229086fc3 |
| SHA256 | 66c8f9401aca6d74388534a00799bcbd3840fe8ecf008922b620a0c2a7a57dcd |
| SHA512 | 20b9a2a5e7788feabe6bd0f9e68604850e728cbb5647884cf108435fef922e0071db127bb97cba22497fdbd9a7f2ed8968f627d5a8367c8c20ab8b7ae2dee20f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 45115ee41e8a3a6d814f5586b929cc28 |
| SHA1 | 81ede6b8717b42acc44283c9c2fdf82d0a54cad0 |
| SHA256 | 709b55ea954d36850838f63af51619895a70d8c83e21e3cd6bc0e8afda39d9d5 |
| SHA512 | 351f350df552aba8d59b7ec0da909508dd5b23e81c3fd7ffe98b731469278a75bc8f68300938767be3eea5c48de59f2252853f7606291915e6612eeaa9e00512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ffd8340510f83ba36c307fab9cb78fa5 |
| SHA1 | c278d458c67c512f865d480d96396b0b1974e4fc |
| SHA256 | cb8478e681c6749b56ce947428148d333a9d7b196cc62bf393585de486865f52 |
| SHA512 | 2efec0d6ef845ede757e042e8d53dc3ed874b25c929c064404e4634fab02c0459a918fa9b080d63d625928eee10daf00b7db1f180602dfc0f072a03952fe37ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9e5a40666f02da127173fe7f793802c |
| SHA1 | f473459e09216bbdc4840346d544ba9b40e4be95 |
| SHA256 | 717a660475a36199f717dcc1cb6cdc69e3e9a52d867aa1c8b33752340e07615f |
| SHA512 | 2d7a6321de4fbc84761f52321d91adfad8c854458ca1c781d2513e86abda889513295c18d66f21ddd390c2eb0967a9ddf7b9348665c1b033eb2f2385c1c45f96 |
C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp
| MD5 | 33a8ab12d71313916bc59d0ad3f64301 |
| SHA1 | be919937916f703c67818369be560bdb0b33f886 |
| SHA256 | 9616b50d73d21ee9f4121de04bf379810d5533a0fcf98e8c8192cf0002558524 |
| SHA512 | 7acb3549e6fbf8a3f7b2402c2dbe788bbe856cf812411200de9113254a06b7c85e81c7e11c561cb186d83dd8f98b792b29bb29846eab85a8723dbb0383d172ea |
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\DiagPackage.dll.mui
| MD5 | 44c4385447d4fa46b407fc47c8a467d0 |
| SHA1 | 41e4e0e83b74943f5c41648f263b832419c05256 |
| SHA256 | 8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4 |
| SHA512 | 191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005 |
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\DiagPackage.dll
| MD5 | 580dc3658fa3fe42c41c99c52a9ce6b0 |
| SHA1 | 3c4be12c6e3679a6c2267f88363bbd0e6e00cac5 |
| SHA256 | 5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2 |
| SHA512 | 68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gxxlromp.x4q.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1020-1451-0x000002C0BD250000-0x000002C0BD272000-memory.dmp
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\NetworkDiagnosticsTroubleshoot.ps1
| MD5 | d0cfc204ca3968b891f7ce0dccfb2eda |
| SHA1 | 56dad1716554d8dc573d0ea391f808e7857b2206 |
| SHA256 | e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a |
| SHA512 | 4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c |
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilityFunctions.ps1
| MD5 | c912faa190464ce7dec867464c35a8dc |
| SHA1 | d1c6482dad37720db6bdc594c4757914d1b1dd70 |
| SHA256 | 3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201 |
| SHA512 | 5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a |
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilitySetConstants.ps1
| MD5 | 0c75ae5e75c3e181d13768909c8240ba |
| SHA1 | 288403fc4bedaacebccf4f74d3073f082ef70eb9 |
| SHA256 | de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f |
| SHA512 | 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b |
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\LocalizationData.psd1
| MD5 | 380768979618b7097b0476179ec494ed |
| SHA1 | af2a03a17c546e4eeb896b230e4f2a52720545ab |
| SHA256 | 0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2 |
| SHA512 | b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a46a27ef8735e309889338c120cb1613 |
| SHA1 | bb2ecd16deac028b65c55e8c36c87e5828e2f76d |
| SHA256 | ff26157f2ae1dc5fdca08acff0c55ed78a4b2ffdc980146699bb0a2bfb42e88e |
| SHA512 | 4d531a836270ba83863d95dbe48fc32e212a2ac6316e79b1dee1605c2497370578caa3227b5935cfa7c72fbc6b269b77a2672956969e6a8d42a2a9d719f30e1f |
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\StartDPSService.ps1
| MD5 | a660422059d953c6d681b53a6977100e |
| SHA1 | 0c95dd05514d062354c0eecc9ae8d437123305bb |
| SHA256 | d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813 |
| SHA512 | 26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523 |
memory/2316-1479-0x0000028778960000-0x0000028778970000-memory.dmp
memory/2316-1475-0x0000028778920000-0x0000028778930000-memory.dmp
memory/2316-1484-0x000002877E220000-0x000002877E221000-memory.dmp
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\result\DE394C64-86E4-4C40-949B-9793F6844AD1.Diagnose.Admin.0.etl
| MD5 | 35ff8ed6ffd9574b9ac7eef816faf2e0 |
| SHA1 | 5a0566f6cc7bae58cdcea020814e1e5ed775fd22 |
| SHA256 | 60b1d07c2f81d67ec65d92351fae2d92abd7f2546ea064884f31c4684f797403 |
| SHA512 | a1bbd6e91b1d56802ce8c7c4330c27a2776c934a7ee2dbc8236df9f61a22d8a183e680c41cc7430ed4ffc89c1d63074b1ff11eed1867d35361a8ad7a8fa9c5c9 |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.ddf
| MD5 | 00848049d4218c485d9e9d7a54aa3b5f |
| SHA1 | d1d5f388221417985c365e8acaec127b971c40d0 |
| SHA256 | ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e |
| SHA512 | 3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9 |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\route.print.txt
| MD5 | daa4cdb2b111bf64f897c5d983e2ac05 |
| SHA1 | 14d4191523f2975efa56dfc271c92d4378239891 |
| SHA256 | 9e3e1150b275f118727ca2897d2a0f1934b4e786066b4e538f9abe9159792962 |
| SHA512 | 84b2ab9029ce0f0a36167f58eca33e260b3e25e8d0b19ca639bf9ed50949770337f283813782ca259768069abf3e29f438b7f99fca8650354d2f0d5685eb652b |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\ipconfig.all.txt
| MD5 | a6681610c87d6541f534d47cdb9b6edd |
| SHA1 | 8074179fb0242ed745910216b35e831740daaa3d |
| SHA256 | 50df0e3e08fb3a7da02f3b065c6e04522ef325ac7804b41db3350c0e19a9c5c1 |
| SHA512 | a93bfe335a7f59652586d7ed3bc8977cedd0ba9a082ba578772589eb214ecc4e95ae29a723fef03a5b0a5a13245d7df6509aaca66598a94f15c44bd31ba3b168 |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.cab
| MD5 | c05ff7565bcbb2baaa2b279d7bdd4b02 |
| SHA1 | 923d2630a48a63cb7b1d1b797c77734510683a1b |
| SHA256 | 861e4e47a9a4b36a72f04b3ec68d5aaf2b0ced0433ddac68a77b24916f16834e |
| SHA512 | 24daa9a525a5bc8a6b1d5b256e3b25026a1692e6b135ce01552f81c98cf8916929d5f21a3ad969686b736694a2cd71639db9c4ad9dcaefcd9548d2a8341154bd |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.rpt
| MD5 | 2339a5277880f07857bee166fc7eac82 |
| SHA1 | db99549b8469c20a3f356de9856a078e6733d9ac |
| SHA256 | 7813cc2b7b37819e7ef3a8843efb46bec01971421cb8116bce3b6a880609b621 |
| SHA512 | 26a00714eab412b6ab651a9cbdff71697c604baef9f48d071fbe1b914ef9ab98f6b58621bedf1b52fcd02bdd1c1cef19efbc21bcecc88f46381370bf0b0f6986 |
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.inf
| MD5 | 9b3b0b30e967521d6aa2166c8970088b |
| SHA1 | 6f638d39fe3bc0582671d32ae1d5b6d916db3187 |
| SHA256 | 96b7e19795ae2a4f6a5c2a7b01b78eed31bb320dd611814ea01443b53f55eaf4 |
| SHA512 | 6a85dca5581601667888fa03d4395c867036f169aa3b19b675c662fd4fc8462c062f527201aa02e0401ad2ed1525be44a203ee8377f2f88de0fd8ec72906ee51 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\ResultReport.xml
| MD5 | 67701bd58a35dc45cd5e2eb2addd6ceb |
| SHA1 | def42419a2cd0d658fe9317c6744080e51b52f68 |
| SHA256 | 23466a356a4b1fbf28779bd5e5117ebf4d1c63d23b344e37dda826d4821622bc |
| SHA512 | b86d104561fc8c61ceac1d79fdcc3284c72f0f443b878684e21e01fa859f90596040013155e7e6f3166fb63d0429a52de27343d9b00b10abddca825f1d8c2c5d |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\NetworkDiagnostics.debugreport.xml
| MD5 | b67dac332ed34a0f896b50dcb1f4f3b3 |
| SHA1 | bb760ddd31372e24fffd7f3e1db14d3d948f7db1 |
| SHA256 | 3ca40f012eab5ee22845f1a47075ba4fc757fea3ef2af33dd74858a8284e3bdb |
| SHA512 | 01ba495277269daa7a655afca62bf18cd59d338ff87619fd9bfa126d5556f33e8cbc2796ec73bc234c7033f882bb59f801fb4edcd37d48dbaebc6157f9afeca7 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b34fe0d36f6a7aa549547fb6a6168ffa |
| SHA1 | 39260253b7c4463a13ed68f36a627be1de97110e |
| SHA256 | 3891ba111ce05d9308be9aed4f7e77634ffbb546b49ad66e9ca8691eee8b440a |
| SHA512 | 45bf5867aec8f8a2ff7a6b92faf1a6682afa12eb68db11859ae31df15826552ac17cf85c51ca571b4927fb82488f603b86347561d9f52d18d511894cf6758eca |
memory/2316-1609-0x000002877E340000-0x000002877E341000-memory.dmp
memory/2316-1610-0x000002877E330000-0x000002877E331000-memory.dmp
memory/2316-1612-0x000002877E230000-0x000002877E231000-memory.dmp
memory/2316-1613-0x000002877E220000-0x000002877E221000-memory.dmp
memory/2316-1615-0x000002877E220000-0x000002877E221000-memory.dmp
memory/2316-1618-0x0000028778D70000-0x0000028778D71000-memory.dmp