Malware Analysis Report

2024-11-13 14:19

Sample ID: 240704-3a5qeavfpk
Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc
Tags: lumma, spyware, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted URL https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc was found to be: Known bad.

This is a URL submission, not a file. The YouTube link is a video-description redirect whose q= parameter points at a MediaFire folder (https://www.mediafire.com/folder/pcu35b6nrb60w/qeUaxJCA3FO), and the behavioral run opens it in Microsoft Edge. The signature detail below shows the 7-Zip GUI (7zG.exe) being used, i.e. a downloaded archive being opened, and the process-enumeration hits attributed to BitLockerToGo.exe, a legitimate signed Windows binary that has no reason to enumerate processes. Together with the SetThreadContext, WriteProcessMemory and "Executes dropped EXE" signatures in the summary, that is the pattern of a dropped payload being injected into BitLockerToGo.exe as a host process, which is how Lumma Stealer has commonly been observed to run. The Network and Files sections listed in the table of contents are not reproduced below, so the dropped executable's hash and the C2 contacted are not available from this copy of the report.
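The submitted URL is a YouTube description-link redirect, and the value a responder actually wants is the q= destination. The following Python is an added example (not part of this report or of the sandbox's own tooling) that unwraps such redirector URLs to the real target. The google.com/url and facebook l.php entries are common equivalents added for generality; SAMPLE_URL is the report's own target URL copied verbatim.

```python
"""Unwrap redirector URLs to their real destination (added example, not report code)."""
from urllib.parse import parse_qs, urlsplit

# Known redirector endpoints: (host suffix, path, query parameter carrying the target).
# youtube.com/redirect?q= is the wrapper in this report; the other two are common
# equivalents added for generality.
REDIRECTORS = (
    ("youtube.com", "/redirect", "q"),
    ("google.com", "/url", "q"),
    ("facebook.com", "/l.php", "u"),
)

# The report's own target URL, copied verbatim as sample input.
SAMPLE_URL = (
    "https://www.youtube.com/redirect?event=video_description"
    "&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ"
    "&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO"
    "&v=LWkyxNcQVdc"
)


def _host_matches(host: str, suffix: str) -> bool:
    return host == suffix or host.endswith("." + suffix)


def unwrap_redirect(url: str, max_hops: int = 5) -> list:
    """Return the chain [url, hop1, ..., final], following known redirector parameters.

    Stops when the current URL is not a known redirector, when the target is not
    http(s) (javascript:/data: targets are surfaced, not followed), when a hop
    repeats (self-referencing wrapper), or after max_hops.
    """
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        target = None
        for suffix, path, param in REDIRECTORS:
            if _host_matches(host, suffix) and parts.path == path:
                # parse_qs percent-decodes, so q=https%3A%2F%2F... comes back as https://...
                values = parse_qs(parts.query).get(param)
                if values:
                    target = values[0]
                break
        if target is None:
            break
        if urlsplit(target).scheme.lower() not in ("http", "https"):
            break
        if target in chain:
            break
        chain.append(target)
    return chain


def extract_iocs(url: str) -> dict:
    """Pull the fields a responder wants from a wrapped link: wrapper, video, final host."""
    chain = unwrap_redirect(url)
    first, final = urlsplit(chain[0]), urlsplit(chain[-1])
    return {
        "wrapper_host": first.hostname,
        "video_id": parse_qs(first.query).get("v", [None])[0],
        "final_url": chain[-1],
        "final_host": final.hostname,
        "hops": len(chain) - 1,
    }


if __name__ == "__main__":
    for k, v in extract_iocs(SAMPLE_URL).items():
        print(f"{k}: {v}")
```

The chain is returned rather than only the final URL so that the wrapper (here the YouTube video LWkyxNcQVdc) is retained as an IOC alongside the MediaFire folder; blocking only the final host would leave the lure itself untouched.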

Malicious Activity Summary

lumma spyware stealer

Lumma Stealer

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-04 23:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-04 23:19
Reported: 2024-07-04 23:23
Platform: win10v2004-20240704-en
Max time kernel: 121s
Max time network: 123s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc

Signatures

Lumma Stealer (tags: stealer, lumma)

Accesses cryptocurrency files/wallets, possible credential harvesting (tags: spyware)

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Note: SystemManufacturer and SystemProductName are the BIOS values malware typically reads to fingerprint a VM or sandbox, but here the reader is msedge.exe, which queries them for its own hardware reporting. On its own this hit is weak evidence; it matters only if the same keys are read by the dropped payload or by BitLockerToGo.exe, which is not shown here.

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 hits)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 hits)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 hits)
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A (8 hits)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 hits)

Note: the msedge.exe and identity_helper.exe hits are browser housekeeping. The eight hits from BitLockerToGo.exe, the BitLocker To Go reader that ships in Windows, are the ones to chase: that binary does not enumerate processes on its own, and its parent process and the file that launched it are not included in this copy of the report.

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (30 hits)

Note: this signature fires when a process creates children with the "block non-Microsoft binaries" mitigation policy set. Chromium-based browsers apply that policy to their sandboxed child processes, so 30 hits from the Edge browser process is expected and not an indicator on its own.

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 (LUID not mapped by the sandbox; 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, i.e. SeCreateSymbolicLinkPrivilege, in winnt.h) N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A (2 hits)

Note: 7-Zip's GUI enables these privileges when extracting an archive so it can restore security descriptors and symbolic links. The hit tells you an archive was opened with 7-Zip during the run; it says nothing about the archive's contents, which would appear in the Files section.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (64 hits)

Note: looking up the Shell_TrayWnd window is routine taskbar interaction for a browser; 64 hits from msedge.exe is noise, not stealer behaviour.

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 hits)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A (3 hits)

Note: OpenWith.exe is the "How do you want to open this file?" dialog, which typically appears when a file with no registered handler is opened from the download or the extracted archive; its hook installation is part of that dialog, not of the malware.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3840 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 3840 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 hits)
PID 3840 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 3840 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 hits)

Note: every row is the Edge browser process (PID 3840) writing into one of its own msedge.exe children, which is how the Chromium sandbox broker bootstraps child processes. None of the listed writes involves BitLockerToGo.exe or a dropped binary, so the injection into that host process implied by the summary signatures is not evidenced by this table in this copy of the report.
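Rows like the ones above are easy to misread: dozens of WriteProcessMemory hits look alarming until you notice that writer and target are the same image. The Python below is an added example, not sandbox output, that parses rows in this table's layout, collapses the repeats, and flags only cross-image writes, ranking a writer that lives in a user-writable directory higher. SAMPLE_ROWS holds three rows copied from this table plus one constructed line (PID 5120, a hypothetical example.exe writing into BitLockerToGo.exe) that does not appear in this report and exists only to show the rule firing.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows (added example, not sandbox output)."""
import re
from collections import Counter
from dataclasses import dataclass
from ntpath import basename

# Row layout used in the table above:
# "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>".
# Paths contain spaces, so the two images are split on the second drive-letter prefix.
ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
    r"(?P<indicator>\S+) (?P<src>[A-Za-z]:\\.+?) (?P<dst>[A-Za-z]:\\.+)$"
)

# Directories a standard user can write to: a writer living here is far more
# interesting than a signed binary under Program Files writing into its own children.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")

# Three rows copied from the table above plus one CONSTRUCTED line (PID 5120) that is
# not in this report and exists only to show the rule firing.
SAMPLE_ROWS = r"""
Description Indicator Process Target
PID 3840 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5120 wrote to memory of 5304 N/A C:\Users\Admin\AppData\Local\Temp\example.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"""


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src: str
    dst: str


def parse_rows(text: str) -> list:
    """Parse table rows; the header line and blank lines do not match and are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append(WriteEvent(int(m["src_pid"]), int(m["dst_pid"]), m["src"], m["dst"]))
    return events


def summarize(events) -> Counter:
    """Collapse repeated rows into (src_pid, dst_pid, src_image, dst_image) -> count."""
    return Counter((e.src_pid, e.dst_pid, basename(e.src), basename(e.dst)) for e in events)


def flag_cross_image_writes(events) -> list:
    """Report only writes where the writer's image differs from the target's image.

    Same-image writes (msedge.exe -> msedge.exe) are the Chromium broker bootstrapping
    its own children and are dropped; cross-image writes are the injection-shaped ones.
    """
    by_pair = {(e.src_pid, e.dst_pid): e for e in events}
    flagged = []
    for (src_pid, dst_pid, src_img, dst_img), n in summarize(events).items():
        if src_img.lower() == dst_img.lower():
            continue
        src_path = by_pair[(src_pid, dst_pid)].src.lower()
        severity = "high" if any(d in src_path for d in USER_WRITABLE) else "medium"
        flagged.append({"src_pid": src_pid, "dst_pid": dst_pid, "src": src_img,
                        "dst": dst_img, "writes": n, "severity": severity})
    return flagged


if __name__ == "__main__":
    events = parse_rows(SAMPLE_ROWS)
    for key, n in summarize(events).items():
        print(f"{key}: {n} write(s)")
    for alert in flag_cross_image_writes(events):
        print("ALERT", alert)
```

Run against only the rows copied from this report the rule produces no alert, which is the correct reading of this table; the constructed line shows what a real injection row would look like and why the writer's directory, not just the write itself, is what should drive the severity.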

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFdhTGszdFByQTdOd1kwcXRuWTk3UjctOEFLUXxBQ3Jtc0ttUGdIcG0zQlFPSjBZR3g1QUtfdzc4WHNHQmpJM3JKLVRjcnRCcVNUcWdrZnVrUXMzcjRna1ZFaG04aEdLNFZ4eEtDN2RnMlRDdzFnQ1hoNzg0dU9ldnJsb2Jka1I0V3BQLURiUTRRZlpZa0pTZldsWQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpcu35b6nrb60w%2FqeUaxJCA3FO&v=LWkyxNcQVdc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb11b246f8,0x7ffb11b24708,0x7ffb11b24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\qeUaxJCA3FO\" -ad -an -ai#7zMap16043:84:7zEvent32079

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

"C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17184367541367800220,9000454065892784312,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8364 /prefetch:2

Network


Files

SHA256 59d87f1d20661d767b69f2092c7837c8ecf06f55a2ea34a588216bf5f4966078
SHA512 2cbdc1c58c02edfa95dea55f8f512fe09407d3d7d7f2ccc7baada5b34cb9f68f2468a73ed4620d9109e04c498fd64c4023699444e4ccbc3c5b3d3443a99ecb38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 660c3b546f2a131de50b69b91f26c636
SHA1 70f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256 fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA512 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 42e99033124f94cd942d24e760a6b885
SHA1 9dc8076ec901d16904a7301a04a0e417c56d2b11
SHA256 974dc59f17476c2f5c1e172f8aa3f7ba8873785a651a7ac6e640d63e465714c1
SHA512 a67b65eb67c87980756837707f80e0c1699c86a8625686caa95438a2067292b06b39beed5af161061ec1844425af24bb168916bc7859d12ef7f3fde1661be785

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 da2d260116a68efcef921d4928c25f2c
SHA1 af9f4a51e888052652ebeb5ab1a8907b936ca175
SHA256 962ff5c288838e03222b1c8b94475fd2b9d97f013a83fd7ac2899d42d6f815e6
SHA512 d36b71a6ab0a35d329f744572124eae53aa401efa7298d0fe64abfa91e5bdcedb3b306377b9c8d4a040bca9dc1249a10e626b97e5ec5ab5cab1cb05e2cdf1979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 4833e31eab7953941b47560f75cb301a
SHA1 e6a5c7375606e2b7e777203a778e9730c177c7c3
SHA256 14b6e98af5e25c465a253bc9571700135bb587d3d2256e8ef53a07145138aea0
SHA512 5df199a8c323173bd4001ca0876d29377b9badf5996956bae51a7319f56e68dffbe38eca6257abb008080c3d8ec1d4fd46eb8b5e0ca7abb599ed3a68fc852608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36e4cf2aa1a0a43fb25af7a85d5fad10
SHA1 ab8e31406f9c358f47168d70ba3b0aad4202cbaf
SHA256 9252e4ab03a8a827c0c769a9c6f4bd47a85cfce267c3c2073d94fab170703422
SHA512 736d140aeb52ad0c78cbc0c615bff37dd90afddf572f2594480f7688e8ea812dbdfed753d6065c7b6a13651020c42d23bce96904c2d78eb6f8d2a2538e98b3c1

C:\Users\Admin\Downloads\bf1365ea-f852-41ce-9ad3-8e454719cbbb.tmp

MD5 afdf62af6d1bf814a73f7a38ed77089f
SHA1 0163d21e55c5378a2dff651b8a10cc2af24c5d55
SHA256 e69eee0b6f72252892be32e8e30e069ca712d773d2cb556f4c237faa2d941575
SHA512 5afaf60b70b6af1f30ad2113425ec1bd9ecb4c2a4b40af8bbea3767bcf8642ed7003ce77147f56dd49fc5b18c2624476ec1c51c72b119c8df9e23cd0e8216274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e837bb55ebfee4eaf81d1cad3939bb1
SHA1 d53de9f070f8c5d86ee942097e789bdc9f9da416
SHA256 7b08fa5607d125e3159589509efbc8e5bbf7cd8449adcb9eb1f8c54f9850c2d5
SHA512 c9234c10faa16ba68c851a42812a46f130e90d0c1cd09ce9092c454adeea654dd62408010664667210191258c5a5577518992e25aee8898c5dcf00c61227c759

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a6b5699e2e02970b75eaa2efdace3670
SHA1 39603246fb7c5d7bf72f9859e9519ff7a710ad63
SHA256 82e68a580143e2fb898785bca0eba4035150ec267a4f80434aae02bbb7d7794d
SHA512 5943186fcbba6bf580694b2007f48ae6288703f2fdbf4e34a0a16676a1370af07a4756ebf303d8e83268bba3aa2cc3d9ea9d566263f585cf82bcf0e4146386ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3d8a760641f9a0fa8ba652d76979379d
SHA1 02c177d018b8079ff0423fcbb97492fe6c2dd211
SHA256 2b3270d58e305695826e4630cef3cd70274dc1afaf16e81224c7a92a180458db
SHA512 cdd74c2aba2cd2b2ddd1af8baadc2da9a1e0948cb63e021590e7731bec0c109c31f214d7e5c96ddc43656dd1b89b4ad249b86ccae4dadbea8ec9a5fba7c0049c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6dc1bcd0f6866d5677fa84da2a0efe20
SHA1 2761e8eb2fe2d9fe10bbbb4ecc411108fa037aae
SHA256 383746040ad3bcb59e50b3268d51144d964250d7d684b334830f2eab264122a5
SHA512 73d53aa0236308ad160c252391238a38143c11a92622a3e1b24a2065befa956df2511f0552a054513dfd3ef5ff01f67906706dbbd4bb50d802681f5aaff9f4e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bfed6a7e710f278e916adc2894f59405
SHA1 66d36e14f5ee715e63ee1c85677a159ac19d3cdd
SHA256 4b2afd80a0624775ef5072810821bb7563322412738225290de1764de87311b5
SHA512 871d25199a5a06275da24d2bb92209586eb7f1f3e2877acc66204f840988487400644c58c54465ae5cf6cce4a9e637679aa1b0bea72ee28ac321c1c2f7956949

C:\Users\Admin\Downloads\qeUaxJCA3FO\qeUaxJCA3FO.exe

MD5 b82c80a3ce9b5c44391d3f11307f8b8e
SHA1 7480059bc051383eaaf0d83b7f39d7c4989e4dea
SHA256 ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f
SHA512 c04bb5a116dfbe2599ce91e084888d5c051e831812ed75e7d0fd40373f0f0ade7701246a433cf5552b5b8b370155b95547f8165d7d38c76325124c7afbf431e2

memory/3524-803-0x0000000000660000-0x00000000006B6000-memory.dmp

memory/3524-805-0x0000000000660000-0x00000000006B6000-memory.dmp

memory/4108-804-0x00007FF6C3C50000-0x00007FF6C4365000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 6f7a27c50ffd001bd3651c24cc369335
SHA1 2606a189ed1ccf87dc6050f18d521405b3a70aa4
SHA256 98ab15905e7e241dec138289721c9f41681a38587966c5c79541564577f1d7eb
SHA512 5bb8483b17b4d36c47de27a3686f61b1ec0a4a83b3c9fe74df1557f31e37119504fd038932d158858f89d4e5ffa34d7459dcdedb6c94fda570ea7872152bbbb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

memory/5752-814-0x0000000000580000-0x00000000005D6000-memory.dmp

memory/5752-815-0x0000000000580000-0x00000000005D6000-memory.dmp

memory/1864-816-0x00007FF6C3C50000-0x00007FF6C4365000-memory.dmp