Malware Analysis Report

2025-01-18 23:28

Sample ID 240627-w5zpbatgqd
Target https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=ds0i838c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]
Tags
phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=ds0i838c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=circuitovtr.com.br/dayo/u4wzs/captcha/[email protected] was found to be: Likely malicious.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: httpstracker.clubos.comcampaignclickmsgIdds0i838c6bd137e6a03157c6c728cbc659e734fc398testfalsetargetcircuitovtr.com.brdayou4wzscaptchatest@sk.com

Legitimate hosting services abused for malware hosting/C2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-27 18:30

Signatures

A potential corporate email address has been identified in the URL: httpstracker.clubos.comcampaignclickmsgIdds0i838c6bd137e6a03157c6c728cbc659e734fc398testfalsetargetcircuitovtr.com.brdayou4wzscaptchatest@sk.com

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 18:30

Reported

2024-06-27 18:33

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=ds0i838c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A
N/A yandex.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{649B1646-DCD4-45C3-BB64-55D48030A344} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 3164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 3164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2208 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=ds0i838c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12328829580940975062,16938651809019410658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 vk.com udp
RU 87.240.137.164:443 vk.com tcp
US 8.8.8.8:53 away.vk.com udp
US 8.8.8.8:53 ad.mail.ru udp
RU 95.163.41.56:443 ad.mail.ru tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 164.137.240.87.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 tracker.club-os.com udp
US 35.170.14.114:443 tracker.club-os.com tcp
US 35.170.14.114:443 tracker.club-os.com tcp
US 8.8.8.8:53 privacy-cs.mail.ru udp
RU 95.163.52.89:443 privacy-cs.mail.ru tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 stun4.l.google.com udp
US 8.8.8.8:53 stun3.l.google.com udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 114.14.170.35.in-addr.arpa udp
US 8.8.8.8:53 89.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 56.41.163.95.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
BR 177.53.140.240:80 circuitovtr.com.br tcp
BR 177.53.140.240:80 circuitovtr.com.br tcp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 172.67.167.161:443 k1g.ticemi.com tcp
US 172.67.167.161:443 k1g.ticemi.com tcp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 8.8.8.8:53 240.140.53.177.in-addr.arpa udp
US 8.8.8.8:53 161.167.67.172.in-addr.arpa udp
US 8.8.8.8:53 poky.25bvnw8.ru udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 172.67.197.249:443 poky.25bvnw8.ru tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 249.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 www.alibaba.com udp
BE 104.68.85.25:443 www.alibaba.com tcp
BE 104.68.85.25:443 www.alibaba.com tcp
US 8.8.8.8:53 s.alicdn.com udp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 25.85.68.104.in-addr.arpa udp
US 163.181.154.215:443 g.alicdn.com tcp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 insights.alibaba.com udp
BE 104.68.85.25:443 insights.alibaba.com tcp
BE 104.68.85.25:443 insights.alibaba.com tcp
US 8.8.8.8:53 sale.alibaba.com udp
BE 104.68.85.25:443 sale.alibaba.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.25:443 sale.alibaba.com tcp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 i.alicdn.com udp
US 8.8.8.8:53 open-s.alibaba.com udp
US 8.8.8.8:53 marketing.alibaba.com udp
US 8.8.8.8:53 onetalk.alibaba.com udp
US 8.8.8.8:53 passport.alibaba.com udp
US 8.8.8.8:53 tradeassurance.alibaba.com udp
US 8.8.8.8:53 ug.alibaba.com udp
US 8.8.8.8:53 215.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 7.85.68.104.in-addr.arpa udp
US 8.8.8.8:53 gj.mmstat.com udp
US 8.8.8.8:53 buyercentral.alibaba.com udp
US 8.8.8.8:53 bdc.alibabachengdun.com udp
US 47.246.136.160:443 gj.mmstat.com tcp
US 47.246.136.160:443 gj.mmstat.com tcp
US 47.246.136.160:443 gj.mmstat.com tcp
CN 123.183.232.65:443 bdc.alibabachengdun.com tcp
US 23.219.235.76:443 onetalk.alibaba.com tcp
BE 104.68.85.7:443 i.alicdn.com tcp
CN 123.183.232.65:443 bdc.alibabachengdun.com tcp
US 47.246.131.241:443 ug.alibaba.com tcp
US 8.8.8.8:53 fourier.taobao.com udp
GB 79.133.176.222:443 buyercentral.alibaba.com tcp
US 8.8.8.8:53 activity.alibaba.com udp
US 47.246.131.139:443 tradeassurance.alibaba.com tcp
US 47.246.131.139:443 tradeassurance.alibaba.com tcp
US 47.246.131.139:443 tradeassurance.alibaba.com tcp
US 47.246.131.139:443 tradeassurance.alibaba.com tcp
US 47.246.131.139:443 tradeassurance.alibaba.com tcp
US 8.8.8.8:53 rule.alibaba.com udp
US 8.8.8.8:53 app.alibaba.com udp
US 8.8.8.8:53 buyer.alibaba.com udp
US 8.8.8.8:53 inspection.alibaba.com udp
US 47.246.131.241:443 inspection.alibaba.com udp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 160.136.246.47.in-addr.arpa udp
US 8.8.8.8:53 76.235.219.23.in-addr.arpa udp
US 8.8.8.8:53 222.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 241.131.246.47.in-addr.arpa udp
US 8.8.8.8:53 139.131.246.47.in-addr.arpa udp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 ipp.aidcgroup.net udp
US 8.8.8.8:53 itunes.apple.com udp
US 8.8.8.8:53 logistics.alibaba.com udp
US 8.8.8.8:53 my-health.alibaba.com udp
US 8.8.8.8:53 partner.alibaba.com udp
DE 47.246.146.191:443 us.ynuf.aliapp.org tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 reads.alibaba.com udp
US 8.8.8.8:53 seller.alibaba.com udp
US 8.8.8.8:53 service.alibaba.com udp
US 8.8.8.8:53 supplier.alibaba.com udp
US 8.8.8.8:53 191.146.246.47.in-addr.arpa udp
GB 79.133.176.222:443 buyercentral.alibaba.com udp
US 8.8.8.8:53 activities.alibaba.com udp
US 8.8.8.8:53 ai.alimebot.alibaba.com udp
US 8.8.8.8:53 img.alicdn.com udp
US 8.8.8.8:53 www.lazada.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.tiktok.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 apps.apple.com udp
US 8.8.8.8:53 baba-blog.com udp
US 8.8.8.8:53 biz.alibaba.com udp
GB 79.133.176.234:443 img.alicdn.com tcp
GB 79.133.176.234:443 img.alicdn.com tcp
US 8.8.8.8:53 g-sellercenter.taobao.com udp
US 8.8.8.8:53 global.alipay.com udp
US 8.8.8.8:53 i.alibaba.com udp
US 8.8.8.8:53 rfq.alibaba.com udp
US 8.8.8.8:53 rulechannel.alibaba.com udp
US 8.8.8.8:53 survey.alibaba.com udp
US 8.8.8.8:53 talent.alibaba.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 world.taobao.com udp
US 8.8.8.8:53 www.1688.com udp
US 8.8.8.8:53 www.alibabagroup.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 234.176.133.79.in-addr.arpa udp
CN 123.183.232.1:443 bdc.alibabachengdun.com tcp
CN 123.183.232.1:443 bdc.alibabachengdun.com tcp
US 8.8.8.8:53 air.alibaba.com udp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 px-intl.ucweb.com udp
US 157.185.188.1:443 px-intl.ucweb.com tcp
US 157.185.188.1:443 px-intl.ucweb.com tcp
US 8.8.8.8:53 baize.alibaba.com udp
US 8.8.8.8:53 offer.alibaba.com udp
CN 124.239.14.250:443 fourier.taobao.com tcp
GB 79.133.176.211:443 offer.alibaba.com tcp
US 8.8.8.8:53 tags.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 connect.facebook.net udp
RU 93.158.134.119:443 mc.yandex.ru tcp
GB 89.187.167.7:443 tags.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 1.188.185.157.in-addr.arpa udp
US 8.8.8.8:53 211.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 asia.creativecdn.com udp
SG 103.132.192.30:443 asia.creativecdn.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.153:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
NL 185.235.87.71:443 gem.gbc.criteo.com tcp
US 47.246.131.135:443 baize.alibaba.com tcp
SG 103.132.192.30:443 asia.creativecdn.com tcp
US 47.246.131.135:443 baize.alibaba.com tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 sslwidget.criteo.com udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 sync-t1.taboola.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 r.casalemedia.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 matching.ivitrack.com udp
NL 185.89.210.244:443 ib.adnxs.com tcp
US 172.64.151.101:443 r.casalemedia.com tcp
NL 141.226.228.48:443 sync-t1.taboola.com tcp
US 34.117.157.22:443 matching.ivitrack.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
IE 34.246.179.114:443 ad.360yield.com tcp
IE 52.212.126.131:443 dpm.demdex.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 exchange.mediavine.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
SE 23.34.232.19:443 contextual.media.net tcp
IE 54.171.23.218:443 jadserve.postrelease.com tcp
DE 52.59.3.190:443 exchange.mediavine.com tcp
US 50.31.142.255:443 sync.outbrain.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 18.196.251.50:443 match.sharethrough.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 criteo-sync.teads.tv udp
US 8.8.8.8:53 criteo-partners.tremorhub.com udp
US 8.8.8.8:53 eb2.3lift.com udp
SE 23.34.233.33:443 criteo-sync.teads.tv tcp
US 3.227.203.124:443 criteo-partners.tremorhub.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 ad.yieldlab.net udp
US 8.8.8.8:53 sync-criteo.ads.yieldmo.com udp
US 8.8.8.8:53 e1.emxdgt.com udp
US 8.8.8.8:53 c1.adform.net udp
SE 23.34.233.189:443 ad.yieldlab.net tcp
DE 3.76.127.247:443 e1.emxdgt.com tcp
IE 3.248.0.14:443 sync-criteo.ads.yieldmo.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 153.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 135.131.246.47.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 30.192.132.103.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 22.157.117.34.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 114.179.246.34.in-addr.arpa udp
US 8.8.8.8:53 131.126.212.52.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 218.23.171.54.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 190.3.59.52.in-addr.arpa udp
US 8.8.8.8:53 19.232.34.23.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 50.251.196.18.in-addr.arpa udp
US 8.8.8.8:53 255.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 33.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 14.0.248.3.in-addr.arpa udp
US 8.8.8.8:53 124.203.227.3.in-addr.arpa udp
US 8.8.8.8:53 247.127.76.3.in-addr.arpa udp
US 8.8.8.8:53 189.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 71.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 cashier.alibaba.com udp
US 8.8.8.8:53 lang.alicdn.com udp
US 163.181.154.215:443 img.alicdn.com tcp
US 163.181.154.215:443 img.alicdn.com tcp
GB 79.133.176.219:443 cashier.alibaba.com tcp
BE 104.68.85.25:443 lang.alicdn.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 219.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 yandex.com udp
RU 5.255.255.5:443 yandex.com tcp
US 8.8.8.8:53 core.yads.tech udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 sync.sharethis.com udp
US 8.8.8.8:53 gw-iad-bid.ymmobi.com udp
RU 213.180.204.90:443 an.yandex.ru tcp
RU 213.180.204.90:443 an.yandex.ru tcp
US 35.153.23.177:443 core.yads.tech tcp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
IE 34.241.72.243:443 sync.sharethis.com tcp
US 8.8.8.8:53 5.255.255.5.in-addr.arpa udp
US 8.8.8.8:53 243.72.241.34.in-addr.arpa udp
US 8.8.8.8:53 90.204.180.213.in-addr.arpa udp
US 8.8.8.8:53 56.61.253.47.in-addr.arpa udp
US 8.8.8.8:53 177.23.153.35.in-addr.arpa udp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.55.88:443 yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
US 8.8.8.8:53 88.55.88.77.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 gm.mmstat.com udp
CN 59.82.33.226:443 gm.mmstat.com tcp
CN 59.82.33.226:443 gm.mmstat.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_2208_NZMDODDEOKKKPTCN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 686875a641906abbb972d29b8a6ed86f
SHA1 44235afa4a5bd1eb53d663e3266b623d54b72850
SHA256 973c7a7f5d59d5a95a087d9781ac0bebc83f68e87ab2ddae02022fe0fc4737fa
SHA512 bcb381c5e82b26761f7bf3841aeaf4d6a347007a53ba12b2072882418587e4b6be25501a2b86b9c4caefcb39b13359042896cdbc8c8bca1068785551081cac51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9e1234394d59a2ea6c9ae7c0f1f542c7
SHA1 2c93788252ecc5ec3833a5f3d41a930f3c673ad6
SHA256 b8c3cfa1a59eab235d67853bc10b009950ea069344ac11598ea37f0e86461f8f
SHA512 2cc269e0036002ae578acfe92d0482e7ee6114fb1f8e1d7e98e84306b15661da63176e430b7706f6a73bcb0bed398a28b98825402bb476a03349bef0f2cf610b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48ac448faa15b5ff8f47ce7782b92631
SHA1 cf3f0eea0bd2dccaff696650eddd632ffaaf0da9
SHA256 07fdad6234ca102675cb5e8d1342541fc79b37687f02e8e90aac2dc9b873139b
SHA512 63bbaf20083cc9f7fe39377ea67336a1b24451aa6a1b96c1dd0f0a410053a21b20a0659d514f7d32b414c32371127c0be2c7ba9740279a7ad972bf47697caa6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07b5c161ae65675760b0c0e0b83d902a
SHA1 3021dce49f3fdd0843193d60d1ddae6403934e1f
SHA256 f8c269527ab7287347c56b0871a3bc333f74ce8d810eede980dbb6e7a845c15d
SHA512 6918744f3bb8c7b9d880772310a47ada8ef63ae30e51eff9c016e76d824548cfe7f12f63e2ef4e76c6c1822eb26e0b5ab99f86157b411c19f9dc5a056589e60a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579ccc.TMP

MD5 ca5b931d68591f0189463f2a7318db3c
SHA1 39ad8185f7cd4d582bd26a01d75558e3f90e654a
SHA256 2569a331f6dfc8502c673ad762e6c773bbb8ce9659fb1f263e86c47b22d8df2f
SHA512 441ebc3d8400a4537f29d0b33b3099cd027d4dec8cfe8ca2505ecbe0ab232f14341195c4295b4a7120303593c845f50f4705fa53bf06d6b085ed580af23aa96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b101bd3e793b2e0a36f4c309af04f77a
SHA1 136b6d02e96ac7a0b1ae5615a0f5492895b3ec48
SHA256 e759c84a5483f521324934650a7d6dfca59e366bcf10cf98a04812d8c30acc41
SHA512 ccaeb183c45c40a87e8ed649d256688657782ee1874bcb057cb75a81602510ecddb745eb18c4c64db32ea91adfe416a952876be8db83c53c27db706210047d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 008d0ae10f41631bb124d78799baf5bb
SHA1 cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b
SHA256 a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590
SHA512 e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\index.txt

MD5 53afe4328fe10e440966d31a6cb6c702
SHA1 5276e255a2f10e6a945a655b78cfb99e4458d790
SHA256 c7f1a36b26d87de2e8119b0f581b2e89487cd1ca529fdd4f09078247efb8efc2
SHA512 e647cd2eaee3e6172b01d6a295a43169083d3d97a79bb6473078db909959b62be2fe335d803ef71d12bc26d4a67cba826428303d87fc81ee0ee3ad54b089e7d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b43d9d11d99abbe1388b529c03458e9e
SHA1 fa3bf8258c1eb18dc679a678ea493f966dbb23b3
SHA256 2f2bbdc5c7c66f5e8bfb0ba529bf324644c020653bc016a7ca308ffa3ae7cf13
SHA512 98e2426f8b9878bb98b7b8fec0403b6d1cf745713cfa4f3b7ff72e2251ded36896329b1e11449296a4a2ea977a66540359950cd0d291dac3d838957e2b7f5329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bde75131a1dee9719f6c73a5125c510d
SHA1 3b3dbbbdc40274562629544f580efcb1fcd3c66e
SHA256 2a208249492db042e056d52f8fca314dafabbe2ac216249bfa9e97f13280d81f
SHA512 993564c159a5f247ec98203d893dddd581e5c96a0d7435c100089e17223528520d7726193e132a6c5ecbfb741e96fb16f2e610d86bf9e815be9ec9183f207abd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\650f2d7e-0b49-4198-8610-4e36dae21190\index-dir\the-real-index

MD5 bc91469983de1bcd876da986521faed2
SHA1 4ef6c2ae52723ae3cd81387a948fdc4c3be10169
SHA256 39dcfd89f79e57230c535cdd86905f8b073b9de56427a3d6fb06ea8725005aa8
SHA512 cc64b67d1aa168e5d1e402995ba625b481d4a1aef7815d12c84a5bab3d717a48fd3f44a1594e332b76986af0ed2efbdf5402a9b9ff99c1d3f847cb8cb5ed0f90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\650f2d7e-0b49-4198-8610-4e36dae21190\index-dir\the-real-index~RFe5812c8.TMP

MD5 a5c098bac2adb8e107617d5a59e63705
SHA1 886635fc4787e6ea4bc6b6ca28b3da3c688ce525
SHA256 655048691497a4c059fc749360f87d9405e4aead4242702fbda847c6e91816d9
SHA512 cd63544e4233cf421d63f222d9b54b4ed2fad5c95fa646494bc23dd2a5567123209e5bcd9d2d2f974023c63fe72ac7949209d7e491e762f0696d4651dabe6071

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\be35666cd73d55aaaf8ad83d8bbbe8d1cf6fb2c0\index.txt

MD5 f5c9287f85c597bf84a1216394c6c09e
SHA1 4a28dce4c0ea05d6b6cb7f7fd6db68b3f9aabd46
SHA256 c7f42692dc81383cee37633b684e8cb6d3c9bffe128934185ab58bd526193c9e
SHA512 c1d45e34044097a041f4a15b47ffe799c2ca80c67c883f92697374a34d343f320a9403e5ebf9ecddfecdee2a40386410eab0dc3927f726a709846781b1153d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 377667737f4457a649803fa3f94424de
SHA1 3748ee8749a984807bbe7f1c3f4a98d473cf9a4a
SHA256 b5a56d4ced945f34eec75163a84da76b079019ecd5874ef635897139a617e4ac
SHA512 dcb8aaee4eb16ccf606190706eca0066c112e7e8d3bcd9b50284ae3fbae7115b9183cfe51f08647c81c927b68dfae8971b0325bfd1e4002c74e062601cf71a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581393.TMP

MD5 637d10494a0898d36152eea7f71a33e3
SHA1 844e32e8fcda9b3c0c84f26d598577bb0015b440
SHA256 7a7934435cafeb15974ef951cf57cd8b62440def5e01c0403850c0d3eaf79a09
SHA512 b7d38609f10d198620eb147e105ef1233b95b8e31d915b6f749f176a817a5d71ec43b57f7a52d1042a14c20d2feffe0434769751147796da460e4ef780729aa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\index.txt

MD5 627b3f7e5ae2dd24a12b71add2476e0b
SHA1 fd4c277d5015f6d0cbc567c4c047707e2c5be79f
SHA256 62406d52ee8e8b4fb66e68c0e7a58f1eeb4fa412cbf430efe9ea8edf32da111b
SHA512 492e23e34143e43f18276b311b6d2c53e71b34aa531df7e4f905ba46122077e0f935394677ae6f7ab31f3ccc4dea83581f4339371aff382494f94a66ec209697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e3ece7ac1d748bd8cf130a6dd1fa386ea15cfca\index.txt

MD5 1b877c8c03aca3b5fafd09076c3be9d5
SHA1 94743f5f1c670e4b6e35016e728498d4ec98fb84
SHA256 699e8ca1765f1876c4e1480a05cb703896603ec8319672f1bbb62bd5fc360a8a
SHA512 ac498e35ff9b585f1b85f43f4069b6c87bdaf2ae25175382d4d4a19a04bc4ec67d454d5839efced66fd42143e96dbe8edb680072bed0829f5d1bae231d59ffc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6637df16e88080d48ef9b0218166380d
SHA1 788376ac4ff5f3b99b373fc5ec2bac8333be8c03
SHA256 a3b33141ea4aa5863e417039d77f9ea50208a9b0029dd1ac34c5b65e2d443978
SHA512 d376a5249d3ccc5c09618c39df2628b89c37fac4658ebeebe593d67698abf5389c6ccedeccfd326fc5aafa8cda301edb0af22ce95e51031f4593e40736437121

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8180d20f747ee871b2915adfc410a620
SHA1 8dd2734b58d9178d1844a988d310801c571d6cfc
SHA256 f3da45c83d2c201cbb06a69147079b99e0c323ebe1e517ef5866052827a625b7
SHA512 4bbe6a4272e91c4278f39512c590bd2b753f493e5c30197be4194c9400647dd3ed2df6ed618e349930cc4327066b83e819602e6cf73d48eac74bf92b470aae7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a6fa025a06c5ff3c65ce35d670b36a6
SHA1 c2288bb498f0323eda3df1a70aa5abcd67af3252
SHA256 edbc3edd510036e406877a4ebb7397a9e0676a8c619d5a3142abb0e75f70a4f1
SHA512 2f04e0c12c100d5aee6cb6a3b13d1e21afa809e44a445cda2486c348913d35c85660ef10152a51d82b49583ee2be41e10256e72679aeec461c3c792a0a7c7d33