Malware Analysis Report

2025-01-22 09:02

Sample ID 240521-yje4wsgf2w
Target https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor
Tags
redline discovery infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor was found to be: Known bad.

Malicious Activity Summary

redline discovery infostealer spyware stealer

RedLine

RedLine payload

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 19:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 19:48

Reported

2024-05-21 19:51

Platform

win11-20240426-en

Max time kernel

193s

Max time network

194s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000009a58ed7e110050524f4752417e310000740009000400efbec5525961b558669e2e0000003f0000000000010000000000000000004a00000000004c154e00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 50003100000000009a58d67a1000372d5a6970003c0009000400efbe9a58d67a9a58d67a2e000000439f0200000008000000000000000000000000000000c6bab20037002d005a0069007000000014000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Aquantia.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 780 wrote to memory of 2716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 2716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 2652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 2652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/0yxj41i2ju2lm/Aquantia_Executor

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff223a3cb8,0x7fff223a3cc8,0x7fff223a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6396 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,14275052515493588410,15121459824434496574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aquantia.rar"

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe

"C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8823870A\Aquantia_Setup 2.21.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 18.161.111.118:443 cdn.amplitude.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.187.238:443 translate.google.com tcp
US 54.69.199.187:443 api.amplitude.com tcp
US 8.8.8.8:53 118.111.161.18.in-addr.arpa udp
US 8.8.8.8:53 38.97.161.18.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 172.217.169.10:443 translate-pa.googleapis.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 163.70.151.35:443 www.facebook.com tcp
BE 74.125.133.157:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.169.10:443 translate-pa.googleapis.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.52.110:443 otnolatrnup.com tcp
FR 35.181.89.222:443 g.ezoic.net tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
US 188.114.96.2:443 go.ezodn.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
US 172.67.142.121:443 bshr.ezodn.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
IE 52.17.55.191:443 ad.crwdcntrl.net tcp
IE 52.17.40.72:443 ad.crwdcntrl.net tcp
FR 54.230.112.53:443 tags.crwdcntrl.net tcp
US 104.21.87.79:443 bshr.ezodn.com tcp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 3.160.188.9:443 hb.yellowblue.io tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
IE 52.19.97.129:443 ap.lijit.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
FR 52.84.39.108:443 cdn.prod.uidapi.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 185.239.172.170:443 ghb1.adtelligent.com tcp
US 172.67.75.241:443 script.4dex.io tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.120.135.53:443 oajs.openx.net tcp
GB 142.250.187.196:443 www.google.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 104.18.23.145:443 cadmus.script.ac tcp
DE 142.132.249.188:443 ghb1.adtelligent.com tcp
GB 172.217.169.10:443 translate-pa.googleapis.com udp
DE 162.19.138.116:443 id5-sync.com tcp
US 34.120.135.53:443 oajs.openx.net udp
GB 172.217.169.65:443 3bc0b5196d3a4d745c2e5bd23131a6a5.safeframe.googlesyndication.com tcp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 9.188.160.3.in-addr.arpa udp
US 8.8.8.8:53 129.97.19.52.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.172.239.185.in-addr.arpa udp
US 8.8.8.8:53 108.39.84.52.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 205.196.123.219:443 download1531.mediafire.com tcp
US 205.196.123.219:443 download1531.mediafire.com tcp
FR 54.230.112.18:443 sys.ctrackapp.com tcp
FR 54.230.112.18:443 sys.ctrackapp.com tcp
FR 18.161.97.57:443 track.donecperficiam.com tcp
FR 18.161.97.57:443 track.donecperficiam.com tcp
DE 184.25.158.219:443 go.etoro.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
DE 23.56.205.5:443 etoro-cdn.etorostatic.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
SE 104.73.92.198:443 ads.pubmatic.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
SE 104.73.92.198:443 ads.pubmatic.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
IE 52.48.217.227:443 id.crwdcntrl.net tcp
US 172.67.14.119:443 static.smilewanted.com tcp
DK 37.157.5.132:443 cm.adform.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
IE 52.19.204.214:443 ce.lijit.com tcp
IE 52.19.204.214:443 ce.lijit.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 204.79.197.237:443 bat.bing.com tcp
GB 199.232.56.157:443 static.ads-twitter.com tcp
IE 63.33.0.173:443 c0.adalyser.com tcp
US 151.101.1.44:443 trc.taboola.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
FR 18.161.111.91:443 static.hotjar.com tcp
GB 216.58.204.70:443 9944765.fls.doubleclick.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
FR 216.137.52.72:443 script.hotjar.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 50.31.142.63:443 tr.outbrain.com tcp
US 50.31.142.63:443 tr.outbrain.com tcp
GB 216.58.204.70:443 9944765.fls.doubleclick.net udp
SE 104.73.93.80:443 wave.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
NL 89.149.192.201:443 sync.smartadserver.com tcp
FR 185.235.86.173:443 ag.gbc.criteo.com tcp
NL 185.235.87.225:443 gem.gbc.criteo.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 3.69.205.38:443 rtb.mfadsrvr.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 81.17.55.108:443 ssbsync-global.smartadserver.com tcp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
US 104.22.51.98:443 spl.zeotap.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
IE 54.171.20.81:443 ice.360yield.com tcp
US 34.98.64.218:443 u.openx.net udp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.2.110.33:443 us.shb-sync.com tcp
FR 216.137.52.87:443 s.ad.smaato.net tcp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 81.20.171.54.in-addr.arpa udp
US 130.211.5.208:443 cdn.mxpnl.com tcp
NL 20.50.88.245:443 dc.services.visualstudio.com tcp
NL 20.54.209.212:443 etorologsapi.etoro.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
RU 147.45.47.64:11837 tcp
RU 147.45.47.64:11837 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7915c5c12c884cc2fa03af40f3d2e49d
SHA1 d48085f85761cde9c287b0b70a918c7ce8008629
SHA256 e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da
SHA512 4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

\??\pipe\LOCAL\crashpad_780_GDWKFMLJRVPOOFCB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9faad3e004614b187287bed750e56acc
SHA1 eeea3627a208df5a8cf627b0d39561167d272ac5
SHA256 64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9
SHA512 a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6d9149ae830f88f2f44d392e6f7dbba
SHA1 0d826a62232d3b737f9ad059a8bbd83fa71ab6c2
SHA256 7d1759f9868a0b8861c674f8224bf8ede9b4a18b927c0b405b95101dc8bc6f95
SHA512 e07fb426f11b7982b2fbc9c139e65e7bc087bf3f8264ad6f632f227d4ea39a4bfaf59c1acb887cbfce0d2d401cf006552484bf490e3ed91b5ce9d49865188058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 36f165f33d265bf8b3cba925a4741ceb
SHA1 46e94add1c02c283e2f25d3a8c3b3519d58aaa15
SHA256 35d589d1427580575e74bb1084d9bf50b6abef70559abebf9a792d3cfb7de4c4
SHA512 7238c01ab802c05c6799763c447bc3ff449fd38af40def59024ccb19f60cd556f05b213221a7d77159e4a49fb2fac13f9c3f317b2975f6b66c494953ac815b0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cad3721a4115f3315cae4f293c96b266
SHA1 a384853d31feca1ba3efc9cf7ec04ee2976eb2ea
SHA256 d49bcdab0db3cc28707f63c75d3790adfffacd5fa136caa4e0615ad149f9a17c
SHA512 700a31facdc058c8f7a55d3d41d28893899d9c7eb8951c36b5d8f684daed06415f2e2d2340ed18f7d52fce2ab59252844b4bde0c265e193009315287de846c08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48ddb06bc520450694134da1042362ed
SHA1 18700e7908a46047ce9fe8f0507dba1821880c0e
SHA256 9ba3b951a31a8a15c694cb77363ad5ccce0faa6d76f1affa5f8947564d151c39
SHA512 01811e6de7d7639abfce8d134f0af03b354d7995d1c3f88742a2a69cccb7a99480f7eac72e9b241110069893e8fd6c009ffa3fb08a3be34cc8027731e2539300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03cf5f73704811fcf871a8a13eee85f1
SHA1 5d2264f4e021adb10f58684d8ead14e6752174fb
SHA256 ce97b9d4ce3f629b89c18c4323ed48c95c87347a312d806ef20605d48c444a6f
SHA512 916525e4d5abe70116cf3193589553466fa9ef16762c3a253515f7999bd3b889d6439871dc5c580e7fcc63b33d4559c501ef78ca05cb66dbb7b7c0c607df1091

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5789d1.TMP

MD5 dd20ee3538ef23b62cc74207f62cccbd
SHA1 b8ab0be52b87acf5fa47befb29d08c508f105297
SHA256 d5ad9f41dcf7cd55823d608282655f7f0cdb9efd308614a96f810e5e11a16611
SHA512 ca35327b1a68c29639704d53727807f01421619ef1b8b979ee8b432f8c10b536084c4a81bda36d13f73f066e83fda9f3c46da7c7408c0b318d7bf4bc9cb9f901

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 194d339e1bdcf6a52a3952e94bc1fe9b
SHA1 964d055c617063e8b6a62e964a76c0f2f2c69f55
SHA256 c4c5cc69b25e48d390146e47ca2faa92cff89974de8e31a3874696646d9e6a4c
SHA512 d690da210b10219ac764c83854dd25ecc4ddc68b4df0e32ce86a5ea730ca7936422813701ed79c3929705d33088b73386b1c6dbc3ef0dba9f6a67984fcf53da1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a6384937b3e67125825d7376c61ea5fe
SHA1 1a997c907d6402ae184c1ffc4bf20704ad10e6ff
SHA256 c5cd8979e0fcac592edbf046e6177ffc43234b3c57b130555807024595fb7973
SHA512 27f074de61124fedbf5e51278218aa5dc476af46944cdbc8cc0d28eb2bcbfb4326eba208b7ad3a7d849014589d7d0f15143232c1c6a308c988f6ee269ef30a69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1d274ca26c105b36c987fec5215920e
SHA1 331733617400b92d5ed9e80ef0e278dd0f1da855
SHA256 65b24d069645105720ba79dc9d8f64d479e355dda5c3adbae7ff98ea2c74f829
SHA512 9164638d622329129bac08b61753306ad33e80f23c2d71833b7324b02dcd4d8b4df35c0957a96fe289d775865a71ad88f698a7bdcf9a6c7f1ae76a1f6b2d1df1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c37bfafa5837f6f838fc811deb8e1bbd
SHA1 a6cd11eebca6b170c1836654faf12ae44f3495fa
SHA256 19d15db0c8852866baeb964d8688738d232484af52c24764653380cdf5c8ab6c
SHA512 24cb749540e60deb6d8ebeedaaf12523857ba5d48143a8057a2e11762c70e31071368d159a26b37eba2408872e45076646d00bc0f8ce509cf2ef63fb6b32214d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e72f8f24e49a72d451d13248ddd678b
SHA1 2c313e44d1186a0b6c0cec8daf9973b6d9b0c530
SHA256 afd8eb2cb2df892d863d0222cc1b377324437e6616e1be3bc9f2a9cd9b858277
SHA512 2e65c123cd525b71c8399834daadf2cf5523e9f6488714338b71fd6d5c7c597e39ace437ab1daec2d95ada3fd10ca86630cdaeb3de6f4cea5756a599c94caec3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 317503ea7aa27b67596ee44defe98a3d
SHA1 78f27a73a0f6cec01d53493bbb2e75ed077e2b15
SHA256 400aed75a0b5fc0e1f1cda2bf8b511705879c7f20a0e8541f99b3417b0a8d482
SHA512 361d938cb801d509a9a45ffd547d0a9b1933463f35d731049d3966c5d6e9e3493341ad10253b9bf93364e9e8f168d1bd9439b37ac7cd0fa2d1de322330f4daf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0b129d389a79230aecd3369c10f710f4
SHA1 530f07188892101bfed640b7cd6e8e12f032f3b2
SHA256 da4821029e828a2ffa02a5b4839ee264685e4ebd17af86d436b728e2d5750724
SHA512 fa08c09977da94f9d7feca2baf17b539f3960c11bee1ba77f67084783dfc66ac03edae6dbbbdf7aedb76fb59e1e3a44bc745bfe8f45a6bcc4259ad6c818e4b5e

C:\Users\Admin\Downloads\Aquantia.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39e63a016de50919762e1c1b42624e67
SHA1 f425521ee8422facf73ed3566b4cb241bf17b052
SHA256 046fc8bd16bea1ae2cc5f382ed150e54d371e93a33611521fa236ad63e8ffed0
SHA512 213b9bf9500035ec58de147ecd81268f7da0df2c85c8ee069d6d591a9561af3c87b67907a7da1709313073c2f6a348dd8e21b45c7f634f14f82682a75030f588

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d09f07f8481029365ed54b3db4f62e9
SHA1 cf61a01a16ba493228448a56ca48074bbc286d18
SHA256 f17fa868f9c2ee9b815bcfe393927ebfb4ad76ab6dbbd06f562f102daf89343d
SHA512 121c5e1ffb395471b8deb24c5fb4bf21990d08e83ff27dce598c6895b93482e82cc3d4f2ca48ae7a2946c12f2e991fecaa99c3170ab3f42c5951519202a00171

C:\Users\Admin\AppData\Local\Temp\7zO882E18E9\Aquantia_Setup 2.21.exe

MD5 ad1708f917673ba3277c7d716bb81069
SHA1 96796024e1e09ae12631a4bd6547c2cb1ee95a0a
SHA256 1bfb5bf80575431126e0d76adaf099bc065b2527b0faeffe5fc8009fdfcf6792
SHA512 d1472026b3d1d659e846330ff11498a0d9abb3096ea4887f6520afe8d5ef06eb012aa93405c9285a74a16230c029673a74dc5368089c81dcbabee304f0dbab34

memory/4996-557-0x0000000001310000-0x0000000001311000-memory.dmp

memory/4996-559-0x0000000001310000-0x0000000001311000-memory.dmp

memory/3392-558-0x0000000000400000-0x000000000044A000-memory.dmp

memory/3392-560-0x00000000058B0000-0x0000000005E56000-memory.dmp

memory/3392-561-0x0000000005300000-0x0000000005392000-memory.dmp

memory/3392-562-0x00000000053A0000-0x00000000053AA000-memory.dmp

memory/3392-563-0x0000000006940000-0x0000000006F58000-memory.dmp

memory/3392-564-0x0000000006480000-0x000000000658A000-memory.dmp

memory/3392-565-0x00000000063B0000-0x00000000063C2000-memory.dmp

memory/3392-566-0x0000000006410000-0x000000000644C000-memory.dmp

memory/3392-567-0x0000000006590000-0x00000000065DC000-memory.dmp

memory/3392-568-0x0000000006710000-0x0000000006776000-memory.dmp

memory/3392-569-0x0000000007060000-0x00000000070D6000-memory.dmp

memory/3392-570-0x00000000068E0000-0x00000000068FE000-memory.dmp

memory/3392-571-0x0000000007D30000-0x0000000007EF2000-memory.dmp

memory/3392-572-0x0000000008430000-0x000000000895C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 bef3680ec3b9e178a8fd8677baac3ba8
SHA1 0a7006ff73c57499d70d2c63d6d088f197a97f25
SHA256 915ebae6d3d91e32009123c057c109aa80ff15149526923097c0617e7e25f302
SHA512 b9f5764e8bed9e4b657ad9c05253ac814e4e51f5d4ff21255083eb3156d0be16c8b3d7e116807ac659d938a493a0c63491c61465664fe08be9c848a88f27d940

C:\Users\Admin\AppData\Local\Temp\tmp66D.tmp

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\tmp69F.tmp

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

memory/3300-625-0x0000000000620000-0x0000000000621000-memory.dmp