Malware Analysis Report

2025-08-10 23:25

Sample ID 240402-errywagg73
Target https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file
Tags
lumma slack phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file was found to be: Known bad.

Malicious Activity Summary

lumma slack phishing stealer

Lumma Stealer

Detect Lumma Stealer payload V4

Executes dropped EXE

Detected potential entity reuse from brand slack.

Modifies registry class

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-02 04:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-02 04:10

Reported

2024-04-02 04:13

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file

Signatures

Detect Lumma Stealer payload V4

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe N/A

Detected potential entity reuse from brand slack.

phishing slack

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa09f346f8,0x7ffa09f34708,0x7ffa09f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Password - rusthack7615.rar"

C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
GB 142.250.187.206:443 translate.google.com tcp
US 172.64.128.8:443 www.ezojs.com tcp
US 18.239.190.222:443 cdn.amplitude.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.128.64.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 222.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 22.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
GB 142.250.180.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.amplitude.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 35.165.65.105:443 api.amplitude.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 95.101.143.19:80 apps.identrust.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 104.115.32.236:443 ads.pubmatic.com tcp
US 35.165.65.105:443 api.amplitude.com tcp
GB 142.250.187.226:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.64.193.4:443 bshr.ezodn.com tcp
GB 142.250.187.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 4.192.64.172.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 155.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 236.32.115.104.in-addr.arpa udp
US 8.8.8.8:53 105.65.165.35.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.193.64.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 ut.pubmatic.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 185.64.190.82:443 ut.pubmatic.com tcp
GB 142.250.187.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 82.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 178.128.135.204:443 rt.marphezis.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 18.239.209.27:443 cdn.prod.uidapi.com tcp
US 18.239.208.47:443 tags.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 18.239.208.19:443 hb.yellowblue.io tcp
US 8.8.8.8:53 id5-sync.com udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 oajs.openx.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 178.128.135.204:443 rt.marphezis.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 34.120.135.53:443 oajs.openx.net tcp
IE 54.155.211.205:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 5577f62f1ab8fc05fb81f8b4e07f2164.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 5577f62f1ab8fc05fb81f8b4e07f2164.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 34.120.135.53:443 oajs.openx.net udp
GB 142.250.200.6:443 s0.2mdn.net tcp
GB 172.217.16.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 27.209.239.18.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 47.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 19.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 205.211.155.54.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 172.217.16.225:443 cdn.ampproject.org udp
US 8.8.8.8:53 dnacdn.net udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
GB 142.250.187.226:443 securepubads.g.doubleclick.net udp
FR 185.235.86.26:443 ag.gbc.criteo.com tcp
NL 185.235.87.214:443 gem.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 26.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 214.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download1530.mediafire.com udp
US 205.196.123.218:443 download1530.mediafire.com tcp
US 205.196.123.218:443 download1530.mediafire.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 81.17.55.108:443 ssbsync-global.smartadserver.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
DE 3.73.17.159:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.smartadserver.com udp
FR 5.196.111.73:443 sync.smartadserver.com tcp
US 8.8.8.8:53 218.123.196.205.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 108.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 151.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 159.17.73.3.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ice.360yield.com udp
IE 54.77.210.83:443 ice.360yield.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.5.133:443 cm.adform.net tcp
IE 18.203.27.132:443 ap.lijit.com tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 18.239.208.71:443 s.ad.smaato.net tcp
US 8.8.8.8:53 83.210.77.54.in-addr.arpa udp
US 8.8.8.8:53 132.27.203.18.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 73.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 18.239.208.71:443 s.ad.smaato.net tcp
US 8.8.8.8:53 71.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 slack.com udp
GB 18.169.61.189:443 slack.com tcp
US 8.8.8.8:53 d34u8crftukxnk.cloudfront.net udp
US 8.8.8.8:53 a.slack-edge.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 reveal.clearbit.com udp
US 18.239.190.42:443 d34u8crftukxnk.cloudfront.net tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 18.239.208.126:443 a.slack-edge.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 18.134.250.23:443 reveal.clearbit.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 189.61.169.18.in-addr.arpa udp
US 8.8.8.8:53 42.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 23.250.134.18.in-addr.arpa udp
US 8.8.8.8:53 126.208.239.18.in-addr.arpa udp
US 18.239.208.126:443 a.slack-edge.com tcp
US 8.8.8.8:53 a11179690159.cdn.optimizely.com udp
US 8.8.8.8:53 cdn3.optimizely.com udp
US 8.8.8.8:53 api.demandbase.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 104.84.92.152:443 a11179690159.cdn.optimizely.com tcp
GB 23.64.33.30:443 cdn3.optimizely.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
NL 18.238.243.68:443 api.demandbase.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 152.92.84.104.in-addr.arpa udp
US 8.8.8.8:53 30.33.64.23.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 68.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 24.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 logx.optimizely.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 216.58.212.238:443 www.youtube-nocookie.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.238:443 www.youtube-nocookie.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.schemaapp.com udp
US 8.8.8.8:53 www.mczbf.com udp
NL 18.239.50.86:443 cdn.schemaapp.com tcp
US 18.239.208.90:443 www.mczbf.com tcp
US 34.111.140.246:443 logx.optimizely.com tcp
US 34.111.140.246:443 logx.optimizely.com tcp
US 8.8.8.8:53 data.schemaapp.com udp
US 18.239.208.90:443 www.mczbf.com tcp
US 18.239.208.7:443 data.schemaapp.com tcp
NL 18.239.50.86:443 cdn.schemaapp.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 6321597.fls.doubleclick.net udp
GB 216.58.204.70:443 6321597.fls.doubleclick.net tcp
US 8.8.8.8:53 86.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 246.140.111.34.in-addr.arpa udp
US 8.8.8.8:53 90.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 7.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 216.58.204.70:443 6321597.fls.doubleclick.net udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 ow.pubmatic.com udp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
DE 3.73.17.159:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 t.pubmatic.com udp
NL 81.17.55.108:443 ssbsync-global.smartadserver.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 hbx.media.net udp
GB 2.23.160.20:443 hbx.media.net tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 20.160.23.2.in-addr.arpa udp
GB 172.217.16.225:443 cdn.ampproject.org udp
GB 142.250.200.6:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.178.2:443 googleads4.g.doubleclick.net tcp
GB 172.217.16.225:443 cdn.ampproject.org udp
GB 142.250.187.226:443 securepubads.g.doubleclick.net udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 12632256.fls.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.238:443 play.google.com tcp
GB 142.250.187.238:443 play.google.com tcp
GB 216.58.204.70:443 12632256.fls.doubleclick.net udp
GB 142.250.187.238:443 play.google.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
GB 142.250.200.6:443 s0.2mdn.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
GB 172.217.16.225:443 cdn.ampproject.org udp
GB 172.217.16.225:443 cdn.ampproject.org udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.187.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.212.238:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 bakedmatela.fun udp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 keewoolas.pw udp
US 8.8.8.8:53 moskhoods.pw udp
US 8.8.8.8:53 dayzilons.pw udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f44d6f922f830d04d7463189045a5a3
SHA1 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA256 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA512 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

\??\pipe\LOCAL\crashpad_2024_ASTJZSYKISWNUDPC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7740a919423ddc469647f8fdd981324d
SHA1 c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256 bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA512 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f2211b41e449b5291a62a10ac1715d77
SHA1 b83db34f276994d985f068aed6770e7909bdcc05
SHA256 68da518149668b1b599cbf60f9e97848a8adf0378bacae5472f56daa08418598
SHA512 fe3ddc46644c9532f0f84aeb4dc8e776bfcadc5e4f8c75c21e9b4e4aa69ee9d0673699b2a1684d4b14729f8e9c275675de6d814dd04033763fdab72117111925

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 55bb2c6f3988f55ec2b85654a9abaa89
SHA1 40068b126d465b3db22e3df00498980bf2f7ba5f
SHA256 f4b4f4dd53efc7efd78213678c1ee97365052f3de6de818fe5bf704e1f49a244
SHA512 74fea3ac610d34b79a7b2cc8f04c069e677ef6ca25556b5107880494d883714f53f90bd37a71c7460def01fd2becf4033e3c2a137ea13796d3ec8fea49951ca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f59f2d8256e29e7c0fcbb7f8368c84f7
SHA1 b45720b9e383078ac929959c1ecb1597209584e3
SHA256 bd5ff7801ae4bbe5a1f61020aec13768fc4d8d5b2b1f4777fd929a3d6252115c
SHA512 18bc9eb9e5443b512296cb08d0dba42f886ecf552e8be10e3f5bf5beab7695d6bdbed10fa1076cecd0cef9159a54a96caae20c142989c04e252179fcea05e264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7003947925c15af921307c604e24d787
SHA1 55ac0401837b0004660f5cf9f193bf5739349ed4
SHA256 b9ec20ce4d318c97d46e84ee3449a1fe13585d26a0f475398aa1e4a1077f1fdb
SHA512 0df68a20d064994659d16f48067d9f6ad7c87ad805607229c4e8f5cde6b5294d9e1444b2f26a7ad3c8d4b4d40b16199f14f731358f290198f322d67f2e980cdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b7ffe2794a6ad2e8ab50e362b789180
SHA1 451170d9d9c754366849be16bf3821632e302907
SHA256 68ddf5bed36aab4d1ef6fa8b2fecc04940d1e61465e6b58e0863a4d74f76944f
SHA512 b8db48f93ff200c924d53183bb18e8880e8856118a0ccd8baca8d9ea89fe3770e7da139cba1026f41975bf7b3083c647ef09f248f376f55a3f4bc630565fe49f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b759.TMP

MD5 020d6183673cc6cdd6ecc9a68190f551
SHA1 3217b25c2365462493f9130ac0cc5b2805ae5fe7
SHA256 6a3f30a386a046b67217ee985328e3b2c678be417a81c77fb6775d2cb0cab650
SHA512 49f43ff4923cae099c01eedfdb1cbe6c201e93769ac33e0566724d91ec19480e248b2117653d2764686a3a55772a9d84931f286f00887b21e1edc9350935775f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe57e05d.TMP

MD5 a0bfeab40fe64267fd36c9e965ffab34
SHA1 cf18c4b5b536af0ee7131a4831946bf87699b925
SHA256 f6d44ae7879a6fb78e206f74c510b025ee6295a3ce4fd6fe98439f06b94ec613
SHA512 2a41c92abe8b794c38cb7b805abcac43b4ac07ca9ccef00f504105ed297a327afd9e8e853c77c18be4ab2099010828a1faec6a3b6d163bbea62a6823724c76fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed776adf2e5b599bea170ac09cd0dfdb
SHA1 5cb652bd33e33d3a1751232404a7b8243fe012c9
SHA256 314fb9160a887e9e32fb1b39d9125ea3715bc53ac05785b029325992c122c365
SHA512 02b62c77f5dcc36466d6bac088751e561cb7594233a67857c5a84b49def86fca4e15f7282d0144991612f3d0b46670bcf7cdbd6530d566088fa05d9ab7cebdac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b49a4304b1e5d404928909f44746201
SHA1 e558266eb58d66d42a61ae9f7b22df4814ad964e
SHA256 589fce9636d9811b1634f98a595de3000127301de7e792367523d68078f6795a
SHA512 bdfc8e54efe58b880bfc0e9df09ada11a78d0957fa5e3ef4dbbec65ceb059bc87e8c571479af33e28b50a1413d8dc1e75fd66c90819e802b9074d3b971eb63b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 c30d2da9fb20e32f49471c06ab0b4683
SHA1 0d1aa96700760ed1564756a24a0eaba66fa27430
SHA256 28c0929af10cee967c8c4b07c6e0cffd475fd6b02ee0fa430d6394c80b8fbe1e
SHA512 431314c00a7de250551d1015b256bcdb50859d43e86729a8ef72470d619a5ef146e6cd74183dba953e0b30e6393116c48aad1b54323905ccc795e831c1c08720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 74c240d81e71ae376913677111b6fc7e
SHA1 9002418d668b0b5c3541a86fd6195693384b9fe3
SHA256 e0c7d5f46ac580b10c72b512709965137f941d206ab0995d13a77a0e3f5055ea
SHA512 66abaa43ad96f7466d1affa8bf039c90d2bd6fb64898e506fe0889ddfb3554d89a1c3e9f652724cb791c5c104ca68879e8145064173a09fe2580e3fa4fb9b64c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 48f1bb392d4cf86123e80420497fd7f9
SHA1 d93e1b87852b3664d4863aba65691772e9b516a2
SHA256 67dffef53ad5c00c67b5ec3a9f4e603ff710cfe14588087c2703074eaa223369
SHA512 dc986587ed25b08b194e1232313e6499af0576857786ddb39bdf2a066c36ce654aaa5355d920319d2a46d28735318d471db91c32c316ee426601e9c3506b2d08

C:\Users\Admin\Downloads\Password - rusthack7615.rar

MD5 3855744fdda67fc8bc5da8b9855099e7
SHA1 248d4fc090c65d0231e53d4fae84e0ef895d5554
SHA256 c3eb1fbc5e4536fecf46121419c0aadf786c0e4db748f07800a8df0dbe767b56
SHA512 4fb996d00c9cde76d2cf2768c3f43867a8eb46919490e4c7ebd2d29a935aafd7c3b3208a8e67150411190ca2f1bfb24c9182b8e49c8dd6f0958b1fc642766f13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bbdf9f827502315755720f7641f818c6
SHA1 e7aab523f391f6a8f2e9f3e09a54e625618adc67
SHA256 ecdb0ec145d31e68dd70ba77543b5f222879ae72df954262a1deefc977c79af7
SHA512 9485cfc6a52fe85f64da02e79a5b085266917f17714312db72fc8f5ac9e6443dea7e8cff710091a55abc600f19cc183a30e424978a12cc4daaf844b649a3dff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b48c63d90ab85c561616e842c8e9c04
SHA1 17f3ec4dbf28b8958d7c6b15bdd3f638399ff344
SHA256 e696f4baaa7b95ad71512f582cc7bced63d67e25379541e3fbedb4f5c67b31ac
SHA512 12d782c8de2b0fe9cdec149dcf9fffcb533cd29d8861b7d170d5ac7f12becac74ad54008206e7662868f95979e7c13746c96407af1fabe5fea6bed9cf6f8dc73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 972ca55662bcc8ae1d9927478c63f186
SHA1 2cad6c9e649b272e34a47c197d7a38fb131a3bef
SHA256 e9d04cfe80661578ee2e3db52e1f6b27fa6ad82d5f191d40ca83f79f76163112
SHA512 3a68aca230624fdd6be28a100eb07cd96ed29f8bc5a495efcbc7d592805083ce297724bbabf6b79f950830bba4622d1f5f5c90426be8a70db130dedbc8ecaec2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f45a2984cf6aac9c5534087343adf61b
SHA1 6d3f3accb555d304b3b91283a0dd8c6aab4d7e2e
SHA256 2bf5733522dce97ff61bb660372a1290352cff372bf7e623c7d068fe7ad4030a
SHA512 1f159e295b165f494eb826e35c7d0efc497debb683b083b0b0affb78369d5d89b78d496ebb1506e1850f4f3a67605d08bc3f0060f2c446252d94605732922792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a39f44ddb1dd0de94225519c141c0629
SHA1 ad94c2216b7afd6906f175053fe842ce0f37aa74
SHA256 59ad3a1d55e0127411f510dc4fc4fec278a1e22dc0394bb1e4eb30e2b86d22e0
SHA512 aa99cd1cefa9ae39a41a448b3b07a654c1bf7896546b9126c8911863f75d7d39104551a3e15dbeaec06aba3bfd1057690d2c9b5c98b68b624bc93be3990cc2ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31d9e0dc5ab6f0bac3458d14f5b9d5e4
SHA1 83b2e3d6ee0ca369ac16803e8515ce38bdfe13bd
SHA256 07ff393ee331d32e37234b8874cb10e587c7acb1d6119f0cc4c8be4c31b77419
SHA512 1e5ba64839fd8bf1351dd8ed21193e09ff7078c6ee4d9fb37e11347f8c9168a5db44ad064ca335e3265c6e0a5caa5ffbd6f030c6ee9f10a6502236e0ea65ae44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 391a04be092e9cb85bb4ddaa12f62798
SHA1 110ebb68a6b6abe4e3a6a0186fd0f42cce83bbd8
SHA256 346d1e7fb75c1a07cfac26282fb433d3cb9ea548d21b6dde7957f5a787fd780d
SHA512 6539383f4ca95be503facfe2b774b8d0647c4cdf1860176b7ae3700d6f8a977586eeb80a4861c49a16f47209b9049c0eaf4ed497b23df75e745213a7f79ed473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4b3551bab612104ddace80fb33f4f84
SHA1 28bfb9a7628b21ddea7f7a3a270930a5bd135410
SHA256 20031a6ef6a9bb72b653ee8e2b94bd55363f8bcea527550ad0fe5932921336dd
SHA512 0b603d1ac36ad1a512f751b4ca937fcfa487abaa846175dbbde5ca50bd8f8b023f5a180760abbc89d06eaa62a32787598c4b53b1ac7cf33125f296083006034b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ed4b24f920ba8c2c2a3a7f796ee18d89
SHA1 a520bf9899186e048c702315d685b23c2e7f15c0
SHA256 054ad15e8a38d0bc1853d6efd49399359e0ed40725116e45c43b090560a62daf
SHA512 d1327277542f652efea1ba2690d078212c42d9fe3be9caf33e4d018c4f0cfc6e9d215f9bf5a08aa8480da60f04e8440f4bf995d9c72edb2426fcfae1678b0b9b

C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe

MD5 57f87e9b995f252db533eef34964e6dd
SHA1 1ca4adcbeb8f0cec08fffa6381f252780d818af4
SHA256 42b01349cc6daf4d06658de2995317737ac4ea73c4594473939e5716e4e03165
SHA512 e81ae0707d81020387968f64b70e8f3ba35644f593a43744fa842b823457d39e8b291ebae425c493a12565993bf1afafdad65021d903c2b9d56441e8d6364587

memory/2948-772-0x0000000000400000-0x000000000049D000-memory.dmp

memory/2948-773-0x0000000000570000-0x00000000005F8000-memory.dmp

memory/2948-778-0x0000000000570000-0x00000000005F8000-memory.dmp

memory/2948-779-0x0000000000400000-0x000000000049D000-memory.dmp