Malware Analysis Report

2024-08-06 18:17

Sample ID 240627-tc428aydpg
Target https://file.io/Ak7A94tKrLXb
Tags
xenorat rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://file.io/Ak7A94tKrLXb was found to be: Known bad.

Malicious Activity Summary

xenorat rat trojan

XenorRat

Checks computer location settings

Executes dropped EXE

Enumerates physical storage devices

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

NTFS ADS

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-27 15:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 15:55

Reported

2024-06-27 15:58

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/Ak7A94tKrLXb

Signatures

XenorRat

trojan rat xenorat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\file.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\file.exe N/A
N/A N/A C:\Users\Admin\Desktop\file.exe N/A
N/A N/A C:\Users\Admin\Desktop\file.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 969932.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Roaming\XenoManager\file.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\file.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/Ak7A94tKrLXb

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6800 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\file.exe

"C:\Users\Admin\Downloads\file.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Users\Admin\AppData\Roaming\XenoManager\file.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\file.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9D88.tmp" /F

C:\Users\Admin\Desktop\file.exe

"C:\Users\Admin\Desktop\file.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6D5B.tmp" /F

C:\Users\Admin\Desktop\file.exe

"C:\Users\Admin\Desktop\file.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE1EF.tmp" /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 /prefetch:2

Network

Country Destination Domain Proto
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
N/A 127.0.0.1:1232 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:1232 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
N/A 127.0.0.1:1232 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:1232 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1844_AUKGSCWMVPLOOYNN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17492625-a4a2-4db6-82ac-59a550e25a6d.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 969932.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9061c16b-f25f-4e7a-bdf6-9e32081cc2f3.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fb98db0-58dc-42d4-8a80-a1fd4a3a1d87.tmp

memory/7088-285-0x0000000000AF0000-0x0000000000B02000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5792ca.TMP

C:\Users\Admin\AppData\Local\Temp\tmp9D88.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\tmp6D5B.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4a1f414-645d-4e29-984b-d68c72484999.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
