Malware Analysis Report

2025-01-22 09:08

Sample ID 240521-rqwlwshb3v
Target https://www.mediafire.com/folder/t9cxprairpycv/Documents
Tags
redline @skayoker38 discovery infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/t9cxprairpycv/Documents was found to be: Known bad.

Malicious Activity Summary

redline @skayoker38 discovery infostealer spyware stealer

RedLine

RedLine payload

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 14:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 14:24

Reported

2024-05-21 14:30

Platform

win10v2004-20240508-en

Max time kernel

329s

Max time network

330s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/t9cxprairpycv/Documents

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Setup\InstallerV2.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup\InstallerV2.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2412 wrote to memory of 112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/t9cxprairpycv/Documents

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4dd946f8,0x7ffd4dd94708,0x7ffd4dd94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10140 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Setup\" -spe -an -ai#7zMap19389:72:7zEvent11862

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\Users\Admin\Downloads\Setup\Setup.exe

"C:\Users\Admin\Downloads\Setup\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Setup\InstallerV2.exe

"C:\Users\Admin\Downloads\Setup\InstallerV2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Downloads\Setup\Setup.exe

"C:\Users\Admin\Downloads\Setup\Setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Setup\InstallerV2.exe

"C:\Users\Admin\Downloads\Setup\InstallerV2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
DK 18.173.5.61:443 cdn.amplitude.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 translate.google.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.187.238:443 translate.google.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.11.250.54:443 api.amplitude.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
GB 172.217.169.42:443 translate.googleapis.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 61.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 104.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.250.11.52.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
BE 74.125.133.157:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.169.42:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 142.250.187.238:443 translate.google.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
NL 23.63.101.171:80 apps.identrust.com tcp
US 8.8.8.8:53 g.ezodn.com udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.mediafiredls.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 104.26.2.173:443 www.mediafiredls.com tcp
GB 142.250.180.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
DK 143.204.237.111:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
IE 54.220.158.112:443 bcp.crwdcntrl.net tcp
GB 172.217.169.42:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 111.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 112.158.220.54.in-addr.arpa udp
FR 13.39.145.251:443 g.ezoic.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 script.4dex.io udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 104.18.36.155:443 htlb.casalemedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
DK 143.204.237.42:443 hb.yellowblue.io tcp
GB 185.83.69.58:443 ghb.adtelligent.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
IE 54.77.107.197:443 ap.lijit.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
DK 143.204.247.175:443 cdn.prod.uidapi.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
DE 51.89.9.254:443 onetag-sys.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 23.227.151.194:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 330f2ed0908b3ca34aa389a1141d046d.safeframe.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.65:443 330f2ed0908b3ca34aa389a1141d046d.safeframe.googlesyndication.com tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 58.69.83.185.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 197.107.77.54.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 175.247.204.143.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.95:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.70:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 download1326.mediafire.com udp
US 205.196.123.14:443 download1326.mediafire.com tcp
US 205.196.123.14:443 download1326.mediafire.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 95.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 70.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 14.123.196.205.in-addr.arpa udp
US 8.8.8.8:53 sys.ctrackapp.com udp
DK 143.204.237.69:443 sys.ctrackapp.com tcp
DK 143.204.237.69:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 track.donecperficiam.com udp
DK 18.173.5.96:443 track.donecperficiam.com tcp
DK 18.173.5.96:443 track.donecperficiam.com tcp
US 8.8.8.8:53 go.etoro.com udp
DE 184.25.158.219:443 go.etoro.com tcp
DE 184.25.158.219:443 go.etoro.com tcp
US 8.8.8.8:53 69.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 96.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 marketing.etorostatic.com udp
US 8.8.8.8:53 etoro-cdn.etorostatic.com udp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 s.console.adtarget.com.tr udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.crwdcntrl.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 ce.lijit.com udp
SE 104.73.92.198:443 ads.pubmatic.com tcp
DK 37.157.2.228:443 cm.adform.net tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
DE 142.132.249.184:443 s.console.adtarget.com.tr tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 52.19.204.214:443 ce.lijit.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
IE 52.19.204.214:443 ce.lijit.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 219.158.25.184.in-addr.arpa udp
US 8.8.8.8:53 5.205.56.23.in-addr.arpa udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 198.92.73.104.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 184.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
DE 18.158.184.198:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 assets.a-mo.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 217.182.178.229:443 ssbsync-global.smartadserver.com tcp
DE 18.158.184.198:443 rtb.mfadsrvr.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 217.182.178.229:443 ssbsync-global.smartadserver.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 104.22.50.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 214.204.19.52.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 198.184.158.18.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 229.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
NL 81.17.55.97:443 sync.smartadserver.com tcp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 8.8.8.8:53 cdn.indexww.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.211.116:443 secure.adnxs.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 52.210.157.137:443 ice.360yield.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.2.110.33:443 us.shb-sync.com tcp
DK 143.204.237.99:443 s.ad.smaato.net tcp
US 8.8.8.8:53 99.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 137.157.210.52.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 aa7f8a1ab70c6fd2c036dd972b175af1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 download1580.mediafire.com udp
US 199.91.152.80:443 download1580.mediafire.com tcp
US 199.91.152.80:443 download1580.mediafire.com tcp
US 8.8.8.8:53 80.152.91.199.in-addr.arpa udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 s.adtelligent.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
DE 168.119.66.90:443 s.adtelligent.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 90.66.119.168.in-addr.arpa udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.132.111:443 csync.loopme.me tcp
US 64.74.236.255:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 111.132.214.35.in-addr.arpa udp
US 8.8.8.8:53 255.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
NL 109.107.157.17:15866 tcp
US 8.8.8.8:53 17.157.107.109.in-addr.arpa udp
RU 147.45.47.93:80 tcp
US 8.8.8.8:53 93.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 31.13.26.104.in-addr.arpa udp
NL 109.107.157.17:15866 tcp
RU 147.45.47.93:80 tcp
US 104.26.13.31:443 api.ip.sb tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2412_ZOLVQYZYCXKJQDAU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 720a834a235ea527d75cdf21c0b1eeac
SHA1 12b5bf53eefa6a06cd2dac5e900f37fd347158e1
SHA256 bfe282e78fec1abb4c2c3cb2306b36a494df36cb6af2d97162867a50b0cc81de
SHA512 dd47b4419ccd11e75c03e85e42b64998248df91c3094f9ab991771d93dc6df2dd090ff367319b32a470958c3688b56cfd33ce2b204c707008eb4647eb91de67c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ac581ef17b8111e88ecd49ac2d0ae71
SHA1 715cb1b07af7ce697a23a9e0501435f173db98ae
SHA256 ee9c8ef53fee156c46df1b4eb8eace77b00ca04e309784bb6e8206407f1a4670
SHA512 a9e456ddb277332c7d8e007e625d00e1e6f7dbcaae1c07df0653c39eb11279c1ad28853eb1f6c03581fe5c076177853aa9b86dbaa696111ddeeacda11cfe7684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3349d38975b7aee2891c0cc145639fd
SHA1 b42a78810b19f58c40b2fd155eacdbe67563abb6
SHA256 e6653a47d1a1011f51f5de81a401b6e5ee906b53e30bb1a9b1c8334c18dbf814
SHA512 94a7934f46dd88702f1ecbd10b2e3053ee25a3133d357da26e370ee5435669a9f9b29b764ea343052f6339f812e9e85a48965ed0fbbf7b1a1f066ca9e5c06cc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c310b633c62eb99473a27046ede849cb
SHA1 592344d76a05d2e73e0e50cebf959cef7c624c6b
SHA256 ec6587988f347617a72005ab511afa9fa7b70f843756a94f93c6424562665e35
SHA512 ec86e756750493735375fe791a96b3e989c2274d76c6133a897123c2d817928c925332bd8a0904b9607f19b9f0412cf5b3f97f6d32d03ddda2f1e3284386c61c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 41785febb3bce5997812ab812909e7db
SHA1 c2dae6cfbf5e28bb34562db75601fadd1f67eacb
SHA256 696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483
SHA512 b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff1009bf73eb6b8e9e21287e68e8d7ff
SHA1 a7f34c312178653118633415e91288ba422dfa4b
SHA256 98a33b2e4e8694a1c66c003f69d662d043913a79c9baee670f8c1843e388f839
SHA512 df0173f6b1e3f3d10d5fcddd9ceea5a564b30bc3d08f4248d42e011a2119d65bebd451d6e85f1a0ba4ef8e947af40efcdc24fb51c78fd27a7f9fa28781324fae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b94d.TMP

MD5 fa5351854670e330bfca0dc8ea55751c
SHA1 dcae84d7a33dc672f7f7b00c2c74dc8a22606e6c
SHA256 361d4c17bd48818bcaac9339f5570930dbb69ca8f2c80a955ca88b256be30110
SHA512 15c6995620a77101538179d15bba118d026781d4317e29ac460bcd98c17c3c52db8d5486b8bb2185fdc462e9de3572b5b1007194ae1bcb7fd65fb4ad5f9a41b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 bdcfed56131a72bd10b85bbec015d50d
SHA1 f46d407d2494627617ebdb03ba5c1eaae17c1417
SHA256 92c701712d4fba194b11340cc9595021b31475d4e19bae5c97d2b551ab07afea
SHA512 55aa3591986b38a8f32b04660acd1b3245bfe45044dfdc980817258d8d417d37dbce13f98c1e1faf27fb27c5e7b4de26d2396bea161e06cf66a76c1b8cdb7332

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 178690f95ec44a74b63bf3bf26383884
SHA1 5ad65f8769fda6e5d97ce082a2ad5eda43854888
SHA256 bef581b046a176bf5a609abb9ecf16236991e7ee520e8945bc304aa2e508e04d
SHA512 6c807208d4fcadbfb5b217441cf3e4510f5832618fba5719f3d00b2ba0374cc6a2aae2d0d142d52982dea109b22f429dac4a5266b2f99b3bba4738f8507530ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b59085c078b51d90d448454592d41dd1
SHA1 813708f1a3bf7c316740bda09b01dbd16d4a47d0
SHA256 613a742b4c4727cb0363b6ce5c02f7d6fffb95951eb6d8a14ab18b330719166a
SHA512 b3b8cca7b9b3f5238a5c7a98edb9b8d5c5b00d5ffb098300feb23ac146c4ca800b48cea98a90072e63e5749838f91bf8ebdc5570f5f7d53cb58bbdfdc58fb222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3f6e31bfc036025340d7a32b588f82e
SHA1 1864cab884cb5c7aeae5d0412197c73e708953b5
SHA256 cea808026287e3415b560289b20e7cb92a0e7532facac81c746ccbbf8628e8f9
SHA512 726888138b9ee5b03eff4bedfcac2f3c2bba4e734d6b613476f2cf212e80d9982555315ee07444e304172dbd3d89ef7f0cfa5627c55232a1af02e8b35505c5fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 326a43e433e992cd15a958e99ebe850b
SHA1 acbacdb7f8eb63727186076b522229061bcbccc7
SHA256 9aa577b48c68c1aa0fb35e6968c7d05f82b6005fe831bb7e3c54b30562e31a3a
SHA512 5cfd5211294496e187b0f04939005e0c79ecb6668ecdb9c13816a1838ac39ec1ce890c6a88d1783a4fcb167ec96203f1607b995a62fb46312d7684b689a1ef95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a62aa86761dc139889071921a6007b2
SHA1 4618cde3f9f28802d6f57720537ec1879ef85b8e
SHA256 402dd98934c0ead8af6f5b636adcedbb0ac8f981971edea711648f897213dcf8
SHA512 f068c0e667e08954637bd472c51c5aabd412cb0bc572259567c48694f055fc5b3a5364422deca09e17986e441c663f20720f513cdd91b7a3d67bce6e0a2c8589

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2a8998a6e97ac33e905cd5c45f378e51
SHA1 ea69771d86978b07230c1da2e0bc2642ca0904eb
SHA256 3b22f036a07af7a5ff35eeb3209391413da8f5b4e4e92ff4b5672c6dcb4a02af
SHA512 1712ca233f4d4d2f1d82a6858020354ec24e71b23ed3f720f0a2f666721ba568ece3248ca6273ef2357ba18510aeaab8dd5218523b77194868427901149a6fc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4345dfc076a3564169369d5b0326077d
SHA1 8986cd1d47041df2dc5bfdb3e071f7e2eecdb3b6
SHA256 cbe44b12288886da79e62843503643a2f601cda1a0f0ffa7bdabbc9d616eb729
SHA512 ef8047301b5edaa460aa21426fa93fe29a5cf25d170e74fa4a535657fc8da00ef735fa5a1f3026e380ad7d0cc2753538473910ab86cd4dfc149a752abcbdb40b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c61f36a2d0188186f5164a06e5abdc0
SHA1 b3c63dace1bc4b40fd8f6a18c8c4fd15e6c7e72e
SHA256 f45c2ce24f15badb46898151d9c282fda97db8d096cc3201b93525f1e99b3636
SHA512 caee6a7674ba69b15be625e8afe70ff870e346d2b3480e15b6582c7c7ac35a8f768f6d095ae1a3208909930af7efec0793dc8f5ce31fccd5d5d862ec97f3c613

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 57ccb7d2d7a2855d1a5fedd078f868de
SHA1 d1b3da6fcfac5bf94685a69d6e131c9451032759
SHA256 f9838cf40dc8e7bb79b4861e9ba87fe2a108143ddc98dbf65fb56cbf14c95a1b
SHA512 8bccbf276a15a1cc4e9309c8f30d7a3e09b0b5d15ef9cb1ea9d061459e7ffe86ea7b79d2e31b15ffa0621b70171654c81cb2ff73368e71d6e75250a394bbcbe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a14bb7e7891742bfedf1d623496d14a
SHA1 2c9c572f79cd3b97b1fb0585340df8282746ef74
SHA256 8cb607c72376dc40d345f651d1460913eb002f07da8a8bb4795c84aafa3b91ba
SHA512 9c4881e9b0efb8504519f61d033c08d127b80beeb4cca8f1d075a48dab2d940cf85a6a7efe6dc002bdeb8dd398e1e5dda23b648163b0aa7da5b95dcdb6b26f42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ff34de0aec390dd01aede9dd2b77e08
SHA1 46ee051a634612dd5110fd1d2e32c5df1c2c9d69
SHA256 8279e028b8959d093a9b0e5f3407261813651b8cc9fcd4d55bac6897854ca0b6
SHA512 f62a558a4b3f3d35948f758d54c8216be30f5f0149c5300adca909a39a04167a57a41615f3ee83cf278b6faed00e9ca98df3b5ed774b9805c1ecbacb9ceae072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 882e9b19125e05e8616344f48258d827
SHA1 6169483c5536a226e349aa7a0da0f5c8f564d78f
SHA256 997e1617b2845502fb3c5c8eb832a15ed0770eb0e5d776b33543fbf12e72ec54
SHA512 3d6cc5524d3213fcc988633d34f9e91085e9c89674320fe4dc075209ed8ad9ba27fc3fdba2d22a7ba284170fae64b7b22b59f94a04decbd3890541c9e0f0d437

C:\Users\Admin\Downloads\Setup\packages\Data\cef.pak

MD5 4290bf19c70db819b4ca7a80ebabca3c
SHA1 2aaefa1183234d661f9e82ba40bd3c58e106d42b
SHA256 fb346203c063d5e48ea230b2c4947e5b9e8e600a0b5940e42b325426637c441a
SHA512 c2a9afce86f768e4406c4d51dd659bcd0428ddffea5b3032ca2783dae646f7274480cc74ca5dc0151c69d734ffb6c1e9188e41c62cf8bd2ea46fe890fec09944

C:\Users\Admin\Downloads\Setup\packages\Data\cef_100_percent.pak

MD5 20c53b63527023e3bc2300fe83e62941
SHA1 0dccc5c4fa3e79cb258406050eeda2c224b6ce31
SHA256 65eb3dcbadc41708c3b6347f13ef1d6b0fdc48fe72dac91c41ff38d390231af7
SHA512 ef54e4a0c47b0621845b1f677b0136933a571c857f46ef7b556f509a5d36c771708505e3216248b540ffbcada08dc289167d91c4ceba7d678de70f499900cd22

C:\Users\Admin\Downloads\Setup\packages\Data\data_0

MD5 ccdad492bf2837b5c39af24e1edeba19
SHA1 559849e557ea273c8b093520f25f71999bb842dd
SHA256 48b6feeab56e590821508aca66a4d4347276719248a39caf4019c41884b51c65
SHA512 638b4a53e3c8210cd60b16b69b8ac96745451f9b28abca9106e56bc740f98461cf06d8be0b355f429db358bcdcdc232c6d6e10eb51948d5f43783901658807a6

C:\Users\Admin\Downloads\Setup\packages\Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\Downloads\Setup\packages\Data\data_1

MD5 abac4265c823916c5e7eff156e9efa0c
SHA1 afe2336ff1030e766bdc0f23bb489518fecf9245
SHA256 c1fee2558ca5efb77691635b1ff92ba3661b8217653f2ffe6150699d44137e6b
SHA512 ee27854a771076d397b0135e7c4cf415d59031479be5739b99b51ec54ca1bee6d0f411ffe7ffee1f2df2a5aa88360ddb94621f6c5ac8ec30c120d7b86c9ef95b

C:\Users\Admin\Downloads\Setup\packages\Data\index

MD5 2b19239fdfc1ce97f23509562dae213c
SHA1 89874206b901d33a4033cde558f515000d436183
SHA256 2947e7b436276b77907ca9cc9a6a9a0521701086f3bc373e285ddd7bd9551b6c
SHA512 8c92dc7046b25a4537ef88cbc83016894f2b41e04b14bcbae2e947342c15d563998868b27fd119d8b067e9c12914d3e1a37e3be019333f407e3d4551ce511dd4

C:\Users\Admin\Downloads\Setup\packages\Data\data_3

MD5 9cee917599959084a52bab23760d377a
SHA1 f656fd8a9ba69ab6ab6b4197a5ea315391c987e4
SHA256 11b5e06939869ecee30f05494b91b4707ac8ecd0cdd376e88e0fb0d4ac925900
SHA512 54576a2d1f9062cf58022b1e3c84129ad427f5e47e301cc4819d34aa168a958600d47827f16ee44f350b39ae703dd6106352470adb75068fbf6d5b8ad319bea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6762d9efbeffd2bfdd6845b06119d55c
SHA1 75703d0407d9cb0f76f239995a0871bb4ad798f4
SHA256 5173bef2f0d11571cb735ab8dbc99c69be6be246f2f48ecb2fd3af2cdeb80ea6
SHA512 a99fa5adb21678e97f91f0ef7ca490ddcfff330a17b5ae229a47db55196df3dc198ec2bfd188b7a792567072d6335dd01e44ed48a32707bc394ae5864afcfce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a6a3c20afc5210b7cdab3c23215fce9
SHA1 ee2bb23e4fc0035f340adcc6b6e796164eddc84b
SHA256 1986372ccfe961b4e7d4e92585adfde4b057324c694aca1560fbd26148c3067d
SHA512 0b14a93c27e6931db06fd8aebdc2fa60a658573ff55d1727de2297aa6c1eeaabaa24d85a35760dc75f810fdcdbe4891c4665cf38b63a53a66a12f5e3a5427e5d

C:\Users\Admin\Downloads\Setup\Setup.exe

MD5 ba34e142fb69b389272bec35858a66a7
SHA1 5122e24c062e338db3b69faa6c2a22b5c9063241
SHA256 b33bce2603af56f1e140f7e78f58bc9eb303bd2d91298a7bde2f405f6c038398
SHA512 11c5c7153257f16807867c7070e118c7e61f5f8b4f5dedecfea946537f7711d8dd37ea1fe8683d03abaf2dbfcde47cbaa97aaebec50eac5ff2f8f1e35f1b8981

memory/5616-909-0x00000000003D0000-0x00000000003D1000-memory.dmp

memory/6008-910-0x0000000000400000-0x000000000045A000-memory.dmp

memory/5616-911-0x00000000003D0000-0x00000000003D1000-memory.dmp

memory/6008-912-0x00000000057E0000-0x0000000005D84000-memory.dmp

memory/6008-913-0x00000000052D0000-0x0000000005362000-memory.dmp

memory/6008-914-0x00000000052B0000-0x00000000052BA000-memory.dmp

memory/6008-915-0x00000000089C0000-0x0000000008FD8000-memory.dmp

memory/6008-916-0x0000000008510000-0x000000000861A000-memory.dmp

memory/6008-917-0x0000000008450000-0x0000000008462000-memory.dmp

memory/6008-918-0x00000000084B0000-0x00000000084EC000-memory.dmp

memory/6008-919-0x0000000008620000-0x000000000866C000-memory.dmp

memory/6008-920-0x00000000087A0000-0x0000000008806000-memory.dmp

memory/6008-921-0x0000000009260000-0x00000000092D6000-memory.dmp

memory/6008-922-0x0000000009200000-0x000000000921E000-memory.dmp

memory/6008-923-0x000000000A0E0000-0x000000000A2A2000-memory.dmp

memory/6008-924-0x000000000A7E0000-0x000000000AD0C000-memory.dmp

memory/4768-926-0x0000000000A60000-0x0000000000AD4000-memory.dmp

memory/6200-932-0x0000000000400000-0x0000000000452000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TmpD185.tmp

MD5 1420d30f964eac2c85b2ccfe968eebce
SHA1 bdf9a6876578a3e38079c4f8cf5d6c79687ad750
SHA256 f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
SHA512 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

memory/6200-952-0x0000000008EC0000-0x0000000008F0C000-memory.dmp

memory/6200-955-0x0000000009F90000-0x0000000009FE0000-memory.dmp

memory/7052-958-0x0000000000B30000-0x0000000000B31000-memory.dmp

C:\Users\Admin\AppData\Roaming\d3d9.dll

MD5 8a5b1a7f593e750f4fa492c7eaae3e58
SHA1 4d8e390d3d6467cd86de616d240580845f09b68f
SHA256 9a062a50ff2b5f57dfc0b64c9b4fbc6a1f738ea87468cf194503a304ebb89be8
SHA512 bf5f66a9d448f4e374f8ef4b16bd8f688b864411e8db601bc072d7edb1e25165a15796587bc9de883eb80db715ff00b812a42201203f50843dbf8e8d3122f2d7