Malware Analysis Report

2024-11-15 05:58

Sample ID 240404-tdd77ace59
Target https://file.io/fG4XRZNmgT6b
Tags
rhadamanthys stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://file.io/fG4XRZNmgT6b was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported

2024-04-04 15:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 15:56

Reported

2024-04-04 15:59

Platform

win10v2004-20240226-en

Max time kernel

211s

Max time network

212s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\ݰ򾼀耀\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\.md C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\.md\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\ݰ򾼀耀 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3496 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3496 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3496 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3496 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fG4XRZNmgT6b

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa93e46f8,0x7fffa93e4708,0x7fffa93e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f8 0x384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_Stealer_2024\" -ad -an -ai#7zMap17113:102:7zEvent12543

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:1

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\" -ad -an -ai#7zMap26603:186:7zEvent25577

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 /prefetch:2

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11944 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\README.md

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11848 /prefetch:1

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
NL 18.239.94.44:443 www.file.io tcp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 17.192.122.92.in-addr.arpa udp
US 8.8.8.8:53 44.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 104.22.46.142:443 hb.vntsm.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 ad-delivery.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 142.251.173.157:443 stats.g.doubleclick.net tcp
GB 172.217.169.3:443 www.google.co.uk tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 42.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.46.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
NL 18.65.39.103:443 cdn.exelator.com tcp
NL 18.239.83.25:443 cmp.quantcast.com tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
BE 142.251.173.157:443 stats.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cmp.inmobi.com udp
NL 18.239.36.14:443 cmp.inmobi.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
NL 18.238.243.82:443 config.aps.amazon-adsystem.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 104.86.111.153:80 apps.identrust.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
US 8.8.8.8:53 157.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 103.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 25.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 203.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 14.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 82.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
DE 18.159.154.206:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 146.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 206.154.159.18.in-addr.arpa udp
US 8.8.8.8:53 153.111.86.104.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.67.23.234:443 ids.ad.gt tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 secure.quantserve.com udp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
US 104.22.4.69:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 34.98.64.218:443 u.openx.net tcp
IE 52.30.187.129:443 p.cpx.to tcp
US 8.8.8.8:53 id5-sync.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 91.228.74.244:443 secure.quantserve.com tcp
US 8.8.8.8:53 cadmus.script.ac udp
DE 162.19.138.119:443 id5-sync.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 129.187.30.52.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 script.4dex.io udp
IE 52.51.84.81:443 track.venatusmedia.com tcp
NL 18.239.68.199:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.111.33:443 cdn.edkt.io tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 s.cpx.to udp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 81.17.55.161:443 prg.smartadserver.com tcp
NL 81.17.55.161:443 prg.smartadserver.com tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
IE 108.128.16.222:443 s.cpx.to tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 api.edkt.io udp
US 34.95.69.49:443 i.clean.gg tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 34.120.111.33:443 api.edkt.io tcp
US 34.193.107.217:443 onsite-tag-logs.apps.nielsen.com tcp
US 8.8.8.8:53 adde2049637631f989c82c404d61f240.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tg1.aniview.com udp
US 34.120.111.33:443 api.edkt.io udp
GB 142.250.187.193:443 adde2049637631f989c82c404d61f240.safeframe.googlesyndication.com tcp
GB 2.23.161.247:443 tg1.aniview.com tcp
US 34.95.69.49:443 i.clean.gg udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 track4.aniview.com udp
US 96.46.186.186:443 track4.aniview.com tcp
GB 104.86.110.33:443 player.avplayer.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 92.122.154.104:443 feed.avplayer.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 199.68.239.18.in-addr.arpa udp
US 8.8.8.8:53 81.84.51.52.in-addr.arpa udp
US 8.8.8.8:53 33.111.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 78.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 164.61.93.54.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 222.16.128.108.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 217.107.193.34.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 247.161.23.2.in-addr.arpa udp
NL 18.239.50.73:443 rules.quantcount.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 bid.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
BE 64.233.184.155:443 bid.g.doubleclick.net tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 st.pubmatic.com udp
NL 185.64.189.221:443 st.pubmatic.com tcp
NL 185.64.189.221:443 st.pubmatic.com tcp
GB 2.23.160.192:443 ads.pubmatic.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
GB 104.86.110.33:443 player.avplayer.com tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 play.aniview.com udp
GB 104.86.110.16:443 player.aniview.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
GB 2.23.161.247:443 play.aniview.com tcp
US 8.8.8.8:53 33.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 104.154.122.92.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 186.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 73.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 155.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 221.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 192.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 16.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 go1.aniview.com udp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 34.120.133.55:443 api.rlcdn.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 74.121.140.211:443 sync.mathtag.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
IE 52.30.158.183:443 pr-bh.ybp.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 54.167.157.124:443 sync.srv.stackadapt.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 6.146.0.173.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
NL 147.75.84.158:443 sync.a-mo.net tcp
DE 52.28.202.33:443 match.sharethrough.com tcp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 dnacdn.net udp
DE 52.28.202.33:443 match.sharethrough.com tcp
NL 46.228.164.13:443 d.turn.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 46.228.164.13:443 d.turn.com tcp
FR 5.135.209.101:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 ap.lijit.com udp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
IE 54.220.219.135:443 ap.lijit.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ssp.disqus.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 cs.krushmedia.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 34.98.64.218:443 u.openx.net udp
GB 104.86.110.16:443 content1.avplayer.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 3.223.82.67:443 ssp.disqus.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 96.46.186.182:443 sync.aniview.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
NL 35.214.154.81:443 csync.loopme.me tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 8.8.8.8:53 s2s.aniview.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
NL 35.214.154.81:443 csync.loopme.me tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 optimized-by.rubiconproject.com udp
GB 104.86.110.16:443 content1.avplayer.com tcp
GB 104.86.110.16:443 content1.avplayer.com tcp
US 96.46.186.176:443 s2s.aniview.com tcp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 183.158.30.52.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 124.157.167.54.in-addr.arpa udp
US 8.8.8.8:53 31.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 33.202.28.52.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 101.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 151.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 135.219.220.54.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
DE 3.77.105.153:443 optimized-by.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 targeting.unrulymedia.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
NL 18.65.39.39:443 public.servenobid.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
DE 3.122.34.216:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 67.82.223.3.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 81.154.214.35.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 57.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 153.105.77.3.in-addr.arpa udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 176.186.46.96.in-addr.arpa udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 39.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 216.58.204.74:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 35.214.154.81:443 csync.loopme.me tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 18.239.50.45:443 api-2-0.spot.im tcp
IE 34.247.172.184:443 match.prod.bidr.io tcp
US 8.8.8.8:53 bttrack.com udp
US 35.173.144.25:443 cs-server-s2s.yellowblue.io tcp
IE 52.30.71.64:443 jadserve.postrelease.com tcp
US 192.132.33.68:443 bttrack.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 50.31.142.31:443 b1sync.zemanta.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 8.8.8.8:53 track1.avplayer.com udp
US 8.8.8.8:53 216.34.122.3.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 45.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 184.172.247.34.in-addr.arpa udp
US 8.8.8.8:53 64.71.30.52.in-addr.arpa udp
US 8.8.8.8:53 25.144.173.35.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 96.46.186.15:443 track1.avplayer.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 15.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 c3.a-mo.net udp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 tr.blismedia.com udp
DE 79.127.216.47:443 c3.a-mo.net tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 g2.gumgum.com udp
OM 142.250.201.131:443 csi.gstatic.com tcp
OM 142.250.201.131:443 csi.gstatic.com tcp
IE 52.48.157.114:443 g2.gumgum.com tcp
OM 142.250.201.131:443 csi.gstatic.com tcp
OM 142.250.201.131:443 csi.gstatic.com tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 114.157.48.52.in-addr.arpa udp
US 8.8.8.8:53 131.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 cs-rtb.minutemedia-prebid.com udp
NL 18.239.18.44:443 cs-rtb.minutemedia-prebid.com tcp
OM 142.250.201.131:443 csi.gstatic.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 44.18.239.18.in-addr.arpa udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 cdn.dxkulture.com udp
US 172.64.145.29:443 cdn.dxkulture.com tcp
US 8.8.8.8:53 ce.lijit.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 ads.servenobid.com udp
IE 54.77.214.103:443 ce.lijit.com tcp
IE 54.228.145.228:443 ads.servenobid.com tcp
GB 2.23.160.20:443 hbx.media.net tcp
IE 54.228.145.228:443 ads.servenobid.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
IE 54.228.145.228:443 ads.servenobid.com tcp
IE 54.228.145.228:443 ads.servenobid.com tcp
BE 64.233.184.155:443 bid.g.doubleclick.net udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 20.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 103.214.77.54.in-addr.arpa udp
US 8.8.8.8:53 228.145.228.54.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.6.232:443 cm.adform.net tcp
US 8.8.8.8:53 id.rtb.mx udp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 sync.adotmob.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
IE 18.200.218.222:443 a.audrte.com tcp
US 8.8.8.8:53 ads.dxkulture.com udp
US 8.8.8.8:53 wt.rqtrk.eu udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
DE 57.129.18.121:443 wt.rqtrk.eu tcp
US 8.8.8.8:53 um4.eqads.com udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 54.235.94.252:443 um4.eqads.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 tg.socdm.com udp
JP 124.146.153.160:443 tg.socdm.com tcp
US 8.8.8.8:53 97.72.43.8.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 222.218.200.18.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 121.18.129.57.in-addr.arpa udp
US 8.8.8.8:53 71.126.55.45.in-addr.arpa udp
US 8.8.8.8:53 252.94.235.54.in-addr.arpa udp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
JP 124.146.153.160:443 tg.socdm.com tcp
US 54.167.157.124:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 54.159.250.203:443 sync.ipredictive.com tcp
US 169.197.150.8:443 match.deepintent.com tcp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 usersync.gumgum.com udp
NL 77.245.57.72:443 sync.adkernel.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 160.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 203.250.159.54.in-addr.arpa udp
US 8.8.8.8:53 8.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 rubicon-match.dotomi.com udp
NL 63.215.202.137:443 rubicon-match.dotomi.com tcp
US 8.8.8.8:53 137.202.215.63.in-addr.arpa udp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 www.file.io udp
US 52.111.229.19:443 tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
DE 37.252.171.149:443 ib.adnxs.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 tlx.3lift.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
FR 149.202.238.97:443 prg.smartadserver.com tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 97.238.202.149.in-addr.arpa udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 st.pubmatic.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
BE 64.233.184.156:443 bid.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ibb.co udp
US 8.8.8.8:53 156.184.233.64.in-addr.arpa udp
FR 162.19.58.160:443 i.ibb.co tcp
FR 162.19.58.160:443 i.ibb.co tcp
US 8.8.8.8:53 track.venatusmedia.com udp
IE 52.18.58.124:443 track.venatusmedia.com tcp
US 8.8.8.8:53 simgbb.com udp
US 104.21.4.104:443 simgbb.com tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 160.58.19.162.in-addr.arpa udp
US 8.8.8.8:53 104.4.21.104.in-addr.arpa udp
US 8.8.8.8:53 124.58.18.52.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
DE 18.159.169.71:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 71.169.159.18.in-addr.arpa udp
US 8.8.8.8:53 ib.3lift.com udp
NL 18.238.243.80:443 ib.3lift.com tcp
US 8.8.8.8:53 ads.eu.criteo.com udp
US 8.8.8.8:53 80.243.238.18.in-addr.arpa udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 widget.nl3.eu.criteo.com udp
US 8.8.8.8:53 csm.eu.criteo.net udp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.9:443 widget.nl3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
GB 216.58.201.102:443 s0.2mdn.net udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 www.file.io udp
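Most of the rows in the table above are Edge ad-tech traffic and the sandbox's own DNS chatter (queries to the 8.8.8.8:53 resolver and the reverse lookups it issues for every IP it sees), which buries the handful of connections that matter for the sample, such as the file.io download host. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses rows in the table's own "Country Destination Domain Proto" layout, classifies each row as a resolver query, a PTR lookup or a real connection, and aggregates the connections per domain. The sample rows are copied from the table above (including the two rows without a domain); treating 8.8.8.8:53 as the resolver is an assumption taken from the table itself.

```python
"""Summarise a sandbox report's Network table (added example, not report tooling)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed input: rows copied verbatim from the Network table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 18.239.94.44:443 www.file.io tcp
US 45.55.107.24:443 file.io tcp
N/A 224.0.0.251:5353 udp
US 52.111.229.19:443 tcp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
DE 54.93.61.164:443 btlr.sharethrough.com tcp
US 45.55.107.24:443 file.io tcp
"""

# The domain column is optional: mDNS and some TLS connections have none.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)
RESOLVER = "8.8.8.8:53"  # assumption: the sandbox resolver, as seen in the table


@dataclass
class Row:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str

    @property
    def kind(self) -> str:
        """'ptr' for reverse lookups, 'dns' for other resolver queries, else 'conn'."""
        if f"{self.ip}:{self.port}" == RESOLVER:
            if self.domain and self.domain.endswith(".in-addr.arpa"):
                return "ptr"
            return "dns"
        return "conn"


def parse_rows(text: str) -> list:
    """Parse table rows; skips blanks and the header, rejects anything malformed."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append(Row(m["country"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def summarise(rows) -> dict:
    """Per-domain view of the real connections, with DNS noise dropped.

    Rows without a domain are keyed by ip:port so they are not lost; an
    unresolved outbound connection is exactly what deserves a second look.
    """
    summary = defaultdict(lambda: {"hits": 0, "endpoints": set(), "countries": set()})
    for r in rows:
        if r.kind != "conn":
            continue
        entry = summary[r.domain or f"{r.ip}:{r.port}"]
        entry["hits"] += 1
        entry["endpoints"].add(f"{r.ip}:{r.port}/{r.proto}")
        entry["countries"].add(r.country)
    return dict(summary)


def queried_but_never_connected(rows) -> list:
    """Names resolved but never connected to: prefetch, blocked hosts, or dead C2."""
    asked = {r.domain for r in rows if r.kind == "dns"}
    connected = {r.domain for r in rows if r.kind == "conn" and r.domain}
    return sorted(asked - connected)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for name, info in sorted(summarise(rows).items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{name:26} hits={info['hits']:2} {sorted(info['endpoints'])} {sorted(info['countries'])}")
    print("queried only:", queried_but_never_connected(rows))
```

Run against the full table, the per-domain hit counts make the repeated file.io fetches (45.55.107.24:443) and the two domain-less connections stand out, while the resolver and in-addr.arpa rows, which carry no information about the sample's behaviour, disappear from the summary.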

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 279e783b0129b64a8529800a88fbf1ee
SHA1 204c62ec8cef8467e5729cad52adae293178744f
SHA256 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA512 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

\??\pipe\LOCAL\crashpad_3496_PWVHWZUJHWZKMNWC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cbec32729772aa6c576e97df4fef48f5
SHA1 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256 d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be2864e1-1e7d-4a3d-a338-242c8367a430.tmp

MD5 9ff789d14d64b50bd0de69f7109706ce
SHA1 72aef9d1abbc7b29a9dee88a9119a4c817fe71ab
SHA256 2958ab916e2826a258506dde98cde5a514d66d69feead919f987cb66a2dbedd1
SHA512 2f4d94ca67c6cf080d13c540f88d2e041b95388a072be4923d43c5054b030fac81a59cd421228b491d93436cc056e405358e1e9ec9b18a3c99106c16de65836c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 021a1bca80f1419ccc165dc9c66fb9d7
SHA1 824e135d7d62412f1711bd054b9de1d14000eeff
SHA256 ad7a74600ce83af0ce07cc333a8c4ddd6938ca1e6be3705dd59957d8bff5b14b
SHA512 2e53fc9dd45dba0600373261d3b2851d1072f34a532bfd1ab6011d3a77fe33569159fe26d29ef11a79774f18ca41cc1f4548c19a649ae11e477e0a676ebfa443

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fd9d3012-4f57-48e2-8cd7-678b19a74f5a.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577b98.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 875193.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024.rar

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\Ellipse 1.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\+.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\$.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\index.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\ds.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\commands.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\bot.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\js\main.js

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\js\app.min.js

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\css\style.min.css

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\css\style.css

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\Vector (5).svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\Rectangle275.png

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\man.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\image 2.png

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\Group.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\gear (1) 4.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\emoji-heart-eyes 2.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\emoji-heart-eyes 1.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\Ellipse2.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\assets\#.svg

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\statistic.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\settings.html

C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\rergister.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
