Malware Analysis Report

2024-10-10 07:25

Sample ID 240611-x1zdesybnq
Target https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1
Tags
evasion
score
4/10

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1 was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 19:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 19:19

Reported

2024-06-11 19:25

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

302s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4916 wrote to memory of 932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 3680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7652 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x38c 0x490

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1853640270879344952,18372017299582516176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6316 /prefetch:2

Network

Country Destination Domain Proto
US 104.26.2.63:443 wct.softonic.com tcp
DE 141.95.98.64:443 id5-sync.com tcp
US 8.8.8.8:53 ih.adscale.de udp
DE 18.193.251.59:443 ih.adscale.de tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
BE 2.17.107.232:443 store.akamai.steamstatic.com tcp
BE 2.17.107.232:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 139.45.197.227:443 notix.io tcp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.136:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 63.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 232.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.205.173.18.in-addr.arpa udp
US 8.8.8.8:53 59.251.193.18.in-addr.arpa udp
US 8.8.8.8:53 136.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 248.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 clan.akamai.steamstatic.com udp
BE 2.17.107.232:443 store.akamai.steamstatic.com tcp
BE 2.17.107.232:443 store.akamai.steamstatic.com tcp
BE 2.17.107.210:443 clan.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 210.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
PL 104.81.96.166:443 api.steampowered.com tcp
US 8.8.8.8:53 cd.connatix.com udp
PL 104.81.96.166:443 api.steampowered.com tcp
US 172.64.146.152:443 cd.connatix.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
N/A 127.0.0.1:27060 tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 prs.sftcdn.net udp
US 8.8.8.8:53 166.96.81.104.in-addr.arpa udp
DE 162.55.236.224:443 sync.richaudience.com tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
FR 5.196.111.68:443 ssbsync.smartadserver.com tcp
DE 37.252.173.215:443 secure.adnxs.com tcp
US 8.8.8.8:53 147.61.62.23.in-addr.arpa udp
DE 18.197.7.178:443 rtb.mfadsrvr.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 capi.connatix.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 bh.contextweb.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
GB 142.250.187.196:443 www.google.com udp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
GB 172.217.16.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 pl.connatix.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
IE 52.212.235.85:443 match.prod.bidr.io tcp
US 8.8.8.8:53 push-sdk.com udp
DE 13.32.27.23:443 s.ad.smaato.net tcp
DE 178.63.248.57:443 push-sdk.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 23.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 57.248.63.178.in-addr.arpa udp
US 52.71.51.230:443 sync.srv.stackadapt.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 uidsync.net udp
GB 216.58.204.70:443 s0.2mdn.net tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 64.38.119.42:443 bttrack.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
IN 142.250.193.227:443 csi.gstatic.com tcp
IN 142.250.193.227:443 csi.gstatic.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
IN 142.250.193.227:443 csi.gstatic.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
IN 142.250.193.227:443 csi.gstatic.com tcp
IN 142.250.193.227:443 csi.gstatic.com tcp
US 8.8.8.8:53 227.193.250.142.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.63.153:443 prebid.media.net udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
IE 34.246.138.179:443 ad.360yield.com tcp
US 8.8.8.8:53 179.138.246.34.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
GB 172.217.169.59:443 storage.googleapis.com udp
US 8.8.8.8:53 8proof.com udp
US 52.116.53.150:443 8proof.com tcp
US 8.8.8.8:53 150.53.116.52.in-addr.arpa udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.248:443 shared.akamai.steamstatic.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 19:19

Reported

2024-06-11 19:25

Platform

macos-20240611-en

Max time kernel

259s

Max time network

295s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=5e7d392c24e7c45aJmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5Ng&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+two+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterBCBF2C69/OneDrive.app]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Photos.1876]

/System/Applications/Photos.app/Contents/MacOS/Photos

[/System/Applications/Photos.app/Contents/MacOS/Photos]

/usr/libexec/xpcproxy

[xpcproxy com.apple.colorsync.useragent]

/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent

[/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.BADD390A-8FC0-4D6F-9582-CABB7AFB0D18 567]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.970BEB5A-4C34-4B58-806E-40349F7CF269 567]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Terminal.2100]

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal

[/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal]

/usr/bin/login

[login -pf run]

/bin/zsh

[-zsh]

/usr/libexec/path_helper

[/usr/libexec/path_helper -s]

/usr/bin/locale

[locale LC_CTYPE]

Network

Country Destination Domain Proto

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.colorsync.profiles.502

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Photos//mds/mdsObject.db

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Photos//mds/mdsDirectory.db

/dev/ttys000
