Malware Analysis Report

2024-11-30 05:07

Sample ID 240228-1jnr5sef44
Target file
SHA256 0b4181bf7240b6e37d69122d546c0942a8c28c8019faee75ecbd1bab76942033
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0b4181bf7240b6e37d69122d546c0942a8c28c8019faee75ecbd1bab76942033

Threat Level: Known bad

The file file was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Loads dropped DLL

Executes dropped EXE

Suspicious use of SetThreadContext

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-28 21:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-28 21:40

Reported

2024-02-28 21:50

Platform

win10v2004-20240226-en

Max time kernel

537s

Max time network

510s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html

Signatures

Lumma Stealer

stealer lumma

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Setup_files\Set-up.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{4A294679-FF3D-49CF-B8C2-025AA074730B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\Setup_files\Set-up.exe N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4100 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 5516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 5460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4972 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4496 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Install_x64x86+manual.v3.zip\Setup_filess.rar"

C:\Users\Admin\AppData\Local\Temp\7zO46FDE899\Set-up.exe

"C:\Users\Admin\AppData\Local\Temp\7zO46FDE899\Set-up.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Install_x64x86+manual.v3.zip\Setup_filess.rar"

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\UnprotectSuspend.pptx" /ou ""

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Desktop\Setup_files\Set-up.exe

"C:\Users\Admin\Desktop\Setup_files\Set-up.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

Network

Country Destination Domain Proto
US 8.8.8.8:53 102.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 163.190.222.52.in-addr.arpa udp
US 8.8.8.8:53 175.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 52.27.240.229:443 api.amplitude.com tcp
IE 209.85.203.155:443 stats.g.doubleclick.net tcp
IE 209.85.203.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
IE 74.125.193.147:443 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 155.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
IE 172.253.116.94:443 www.google.co.uk udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 94.116.253.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
IE 209.85.203.95:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.64.134.21:443 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 172.64.97.6:443 www.ezojs.com udp
US 172.64.134.21:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.19.215.37:443 cdn.otnolatrnup.com udp
US 8.8.8.8:53 6.97.64.172.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 172.64.134.21:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 130.211.23.194:443 api.btloader.com udp
US 172.64.192.4:443 go.ezodn.com udp
US 172.64.134.21:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 4.192.64.172.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
IE 209.85.202.156:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.64.193.4:443 bshr.ezodn.com udp
IE 209.85.202.156:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 52.85.92.52:443 tags.crwdcntrl.net tcp
IE 209.85.202.154:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.mediafire.com udp
IE 74.125.193.157:443 googleads.g.doubleclick.net udp
IE 74.125.193.157:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 156.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 157.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 4.193.64.172.in-addr.arpa udp
US 8.8.8.8:53 154.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ut.pubmatic.com udp
US 8.8.8.8:53 ut.pubmatic.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 185.64.189.226:443 ut.pubmatic.com tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 www.mediafire.com udp
IE 54.72.69.210:443 bcp.crwdcntrl.net tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.114.74:445 static.mediafire.com tcp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 script.4dex.io udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 68732db950fda59b23aaab3a2728678d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 68732db950fda59b23aaab3a2728678d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 68732db950fda59b23aaab3a2728678d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
IE 172.253.116.132:443 68732db950fda59b23aaab3a2728678d.safeframe.googlesyndication.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
IE 52.50.112.109:443 hb.yellowblue.io tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 172.253.116.132:443 68732db950fda59b23aaab3a2728678d.safeframe.googlesyndication.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 109.112.50.52.in-addr.arpa udp
US 8.8.8.8:53 132.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 104.22.69.131:443 prebid.smilewanted.com tcp
US 104.22.69.131:443 prebid.smilewanted.com tcp
US 104.22.69.131:443 prebid.smilewanted.com tcp
US 104.22.69.131:443 prebid.smilewanted.com tcp
US 104.22.69.131:443 prebid.smilewanted.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
IE 52.17.192.45:443 ads.yieldmo.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
DE 54.192.210.17:443 cdn.prod.uidapi.com tcp
IE 54.77.245.72:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 104.26.9.169:443 script.4dex.io tcp
US 104.16.113.74:445 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
US 104.16.114.74:139 static.mediafire.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 172.64.192.4:443 bshr.ezodn.com udp
US 8.8.8.8:53 131.69.22.104.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 132.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 17.210.192.54.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
IE 74.125.193.147:443 www.google.com udp
IE 74.125.193.147:443 www.google.com udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
IE 74.125.193.147:443 www.google.com tcp
IE 209.85.203.132:443 cdn.ampproject.org tcp
IE 209.85.203.132:443 cdn.ampproject.org tcp
IE 209.85.203.132:443 cdn.ampproject.org tcp
IE 209.85.203.132:443 cdn.ampproject.org tcp
IE 209.85.203.132:443 cdn.ampproject.org tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
IE 209.85.202.156:443 googleads.g.doubleclick.net udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 132.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 oajs.openx.net udp
IE 74.125.193.147:443 www.google.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 8.8.8.8:53 156.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
IE 209.85.203.95:443 translate-pa.googleapis.com udp
DE 162.19.138.117:443 id5-sync.com tcp
IE 209.85.203.95:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.19.214.37:443 otnolatrnup.com udp
US 8.8.8.8:53 download2268.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 199.91.155.9:443 download2268.mediafire.com tcp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 154.116.253.172.in-addr.arpa udp
US 104.19.214.37:443 otnolatrnup.com tcp
US 199.91.155.9:443 download2268.mediafire.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 www.mediafire.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.120.107.143:443 oajs.openx.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 www.mediafire.com udp
IE 74.125.193.147:443 www.google.com udp
US 104.22.68.131:443 csync.smilewanted.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
IE 52.17.192.45:443 ads.yieldmo.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id.a-mx.com udp
IE 52.17.192.45:443 ads.yieldmo.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 131.68.22.104.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 172.64.192.4:443 bshr.ezodn.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 172.64.192.4:443 bshr.ezodn.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
IE 74.125.193.157:443 googleads.g.doubleclick.net udp
IE 209.85.202.154:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 sploit-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 sploit-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 www.mediafire.com udp
GB 20.162.145.158:443 sploit-edge.smartscreen.microsoft.com tcp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 dl-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 158.145.162.20.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
IE 74.125.193.157:443 googleads.g.doubleclick.net udp
IE 209.85.202.156:443 googleads.g.doubleclick.net udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 dnacdn.net udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
FR 185.235.86.56:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 56.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 104.19.158.19:443 assets.a-mo.net tcp
NL 185.235.87.187:443 gem.gbc.criteo.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
GB 185.64.190.79:443 image8.pubmatic.com tcp
IE 74.125.193.157:443 cm.g.doubleclick.net tcp
IE 74.125.193.157:443 cm.g.doubleclick.net tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 187.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
DE 52.58.248.46:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 sync.mathtag.com udp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 37.252.171.149:443 ib.adnxs.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
NL 81.17.55.123:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 46.248.58.52.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 151.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 131.153.158.209:443 id.a-mx.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
NL 81.17.55.97:443 sync.smartadserver.com tcp
NL 81.17.55.97:443 sync.smartadserver.com tcp
US 8.8.8.8:53 209.158.153.131.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
NL 185.89.211.12:443 secure.adnxs.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 185.89.211.12:443 secure.adnxs.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
IE 63.32.195.109:443 ice.360yield.com tcp
IE 63.32.195.109:443 ice.360yield.com tcp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 12.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 35.244.159.8:443 u.openx.net tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
IE 54.194.215.148:443 ap.lijit.com tcp
IE 54.194.215.148:443 ap.lijit.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
DK 37.157.3.20:443 cm.adform.net tcp
DK 37.157.3.20:443 cm.adform.net tcp
US 8.8.8.8:53 109.195.32.63.in-addr.arpa udp
US 8.8.8.8:53 148.215.194.54.in-addr.arpa udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
DE 18.155.145.11:443 s.ad.smaato.net tcp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 11.145.155.18.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
NL 81.17.55.109:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 www.mediafire.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 109.55.17.81.in-addr.arpa udp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 t.pubmatic.com udp
US 8.8.8.8:53 t.pubmatic.com udp
NL 185.64.189.226:443 t.pubmatic.com tcp
DE 52.58.248.46:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 www.mediafire.com udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 hbx.media.net udp
GB 23.44.232.24:443 hbx.media.net tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 24.232.44.23.in-addr.arpa udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
DE 51.89.9.252:443 onetag-sys.com udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
IE 74.125.193.157:443 cm.g.doubleclick.net udp
IE 209.85.202.156:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 172.64.134.21:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
IE 172.253.116.94:443 www.google.co.uk udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
IE 209.85.202.132:443 tpc.googlesyndication.com udp
IE 209.85.202.154:443 securepubads.g.doubleclick.net udp
IE 74.125.193.157:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.253.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 drilmoralwandreowpops.shop udp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 8.8.8.8:53 technologyenterdo.shop udp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 8.8.8.8:53 102.207.67.172.in-addr.arpa udp
US 8.8.8.8:53 132.180.67.172.in-addr.arpa udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 associationokeo.shop udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 242.10.21.104.in-addr.arpa udp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 8.8.8.8:53 97.32.109.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.207.102:443 drilmoralwandreowpops.shop tcp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zO46FDE899\Set-up.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

\??\pipe\crashpad_4100_VKQBHJQBBSMXIXFA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b618111f-4703-434f-b27a-5f971d882ce3.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

C:\Users\Admin\Desktop\Setup_files\x86\Acrobat\AGM.dll

C:\Users\Admin\Desktop\Setup_files\x86\Acrobat\AdobeXMP.dll

C:\Users\Admin\Desktop\Setup_files\x86\Acrobat\AIDE.dll

C:\Users\Admin\Desktop\Setup_files\x86\ACE.dll

C:\Users\Admin\Desktop\Setup_files\VCRUNTIME140.dll

C:\Users\Admin\Desktop\Setup_files\baronet.psd

C:\Users\Admin\Desktop\Setup_files\vcruntime140_1.dll

C:\Users\Admin\Desktop\Setup_files\msvcp140.dll

C:\Users\Admin\Desktop\Setup_files\mozglue.dll

C:\Users\Admin\Desktop\Setup_files\alabamine.odp

C:\Users\Admin\AppData\Local\Temp\afdfc74e

C:\Users\Admin\AppData\Local\Temp\b7aaa03f

C:\Users\Admin\AppData\Roaming\pla\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\Kerwinn.pif

C:\Users\Admin\AppData\Local\Temp\bf2aff19
