Malware Analysis Report

2025-03-15 04:17

Sample ID 240826-bq72xsxalf
Target https://buzzheavier.com/f/GJHt0zeNQAA=
Tags
discovery motw phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://buzzheavier.com/f/GJHt0zeNQAA= was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 01:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 01:22

Reported

2024-08-26 01:24

Platform

win10v2004-20240802-en

Max time kernel

72s

Max time network

75s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://buzzheavier.com/f/GJHt0zeNQAA=

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3620 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3620 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://buzzheavier.com/f/GJHt0zeNQAA=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61b246f8,0x7ffb61b24708,0x7ffb61b24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9728 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2cc 0x500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,15527298698205435629,10019608334692863865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8748 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\##!!s͜etUp_Use_2444_P͜@s$C0DE$$✔.rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\##!!s͜etUp_Use_2444_P͜@s$C0DE$$✔.rar"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 buzzheavier.com udp
US 104.26.4.225:443 buzzheavier.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 225.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
GB 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 41.95.18.104.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 0polkser.xyz udp
US 104.21.91.152:443 0polkser.xyz tcp
US 104.21.91.152:443 0polkser.xyz tcp
US 8.8.8.8:53 4p5jdcvm.cfd udp
US 172.67.172.165:443 4p5jdcvm.cfd tcp
US 172.67.172.165:443 4p5jdcvm.cfd tcp
US 8.8.8.8:53 152.91.21.104.in-addr.arpa udp
US 8.8.8.8:53 165.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 rentry.co udp
US 104.26.2.16:443 rentry.co tcp
US 104.26.2.16:443 rentry.co tcp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 16.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
NL 152.42.150.143:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.servenobid.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 bidder.criteo.com udp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 104.22.74.216:443 btloader.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
IE 52.51.169.167:443 ads.servenobid.com tcp
NL 152.42.150.143:443 srv.buysellads.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 ad-delivery.net udp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 api.btloader.com udp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 143.150.42.152.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 48.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 99.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 167.169.51.52.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 253.22.99.167.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 static4.buysellads.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
GB 18.245.162.102:443 static4.buysellads.net tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 acdn.adnxs-simple.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 fra1-ib.adnxs.com udp
US 151.101.1.108:443 cdn.adnxs.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
GB 92.123.142.144:443 acdn.adnxs-simple.com tcp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 a.ad.gt udp
US 34.95.69.49:443 i.clean.gg tcp
US 104.22.5.69:443 a.ad.gt tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 151.101.65.108:443 cdn.adnxs.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 95.101.143.201:443 www.bing.com tcp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 27.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 232.154.172.18.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 102.162.245.18.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 144.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 104.26.2.16:443 rentry.co tcp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.53:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.125:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 buysellads-d.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 35.244.159.8:443 buysellads-d.openx.net tcp
US 159.223.126.40:443 sync.cootlogix.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
GB 108.156.39.59:443 public.servenobid.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 53.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 125.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
GB 13.224.222.56:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.44.93:443 gum.aidemsrv.com tcp
US 54.175.57.209:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 92.123.140.19:443 player.aniview.com tcp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 59.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 40.126.223.159.in-addr.arpa udp
US 8.8.8.8:53 56.222.224.13.in-addr.arpa udp
US 104.17.44.93:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 89.149.192.244:443 ssbsync.smartadserver.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 b1sync.zemanta.com udp
NL 185.184.8.90:443 creativecdn.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 167.235.114.248:443 sync.richaudience.com tcp
US 52.1.95.45:443 api-2-0.spot.im tcp
US 35.71.131.137:443 match.adsrvr.org tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.248.137.99:443 match.prod.bidr.io tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 172.240.45.78:443 sync.aniview.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
IE 18.203.167.224:443 g2.gumgum.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 67.202.105.24:443 pixel.33across.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
IE 34.253.170.144:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 id.rlcdn.com udp
IE 63.32.219.61:443 ap.lijit.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.68:443 bttrack.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 cdn.dxkulture.com udp
US 8.8.8.8:53 209.57.175.54.in-addr.arpa udp
US 8.8.8.8:53 19.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 244.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 99.137.248.34.in-addr.arpa udp
US 8.8.8.8:53 248.114.235.167.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 31.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 45.95.1.52.in-addr.arpa udp
US 8.8.8.8:53 224.167.203.18.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 243.207.204.54.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 144.170.253.34.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 61.219.32.63.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 93.44.17.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 172.64.145.29:443 cdn.dxkulture.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 sync.adkernel.com udp
DK 37.157.5.133:443 c1.adform.net tcp
DK 37.157.5.133:443 c1.adform.net tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
FR 164.132.25.185:443 rtb-csync.smartadserver.com tcp
GB 108.156.39.10:443 s.ad.smaato.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 142.250.201.162:443 cm.g.doubleclick.net tcp
FR 142.250.201.162:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 tg.socdm.com udp
JP 124.146.153.162:443 tg.socdm.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
IE 52.212.38.212:443 pr-bh.ybp.yahoo.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 169.197.150.8:443 match.deepintent.com tcp
US 52.6.127.99:443 sync.ipredictive.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 match.sharethrough.com udp
JP 124.146.153.162:443 tg.socdm.com tcp
US 8.8.8.8:53 hbx.media.net udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 34.98.64.218:443 us-u.openx.net udp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.229.60:443 ce.lijit.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 52.207.124.73:443 ssp.disqus.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
NL 147.75.34.177:443 prebid.a-mo.net tcp
GB 95.100.244.20:443 hbx.media.net tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 ads.dxkulture.com udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 10.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 185.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 212.38.212.52.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 162.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 196.205.247.34.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 20.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 60.229.247.34.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 177.34.75.147.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 72.119.184.18.in-addr.arpa udp
US 8.8.8.8:53 8.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 99.127.6.52.in-addr.arpa udp
US 8.8.8.8:53 73.124.207.52.in-addr.arpa udp
US 8.8.8.8:53 71.126.55.45.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 15.125.203.66.in-addr.arpa udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 gfs206n165.userstorage.mega.co.nz udp
BE 94.24.37.75:443 gfs206n165.userstorage.mega.co.nz tcp
BE 94.24.37.75:443 gfs206n165.userstorage.mega.co.nz tcp
BE 94.24.37.75:443 gfs206n165.userstorage.mega.co.nz tcp
BE 94.24.37.75:443 gfs206n165.userstorage.mega.co.nz tcp
BE 94.24.37.75:443 gfs206n165.userstorage.mega.co.nz tcp
US 8.8.8.8:53 75.37.24.94.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 update.videolan.org udp
FR 213.36.253.119:80 update.videolan.org tcp
FR 213.36.253.119:80 update.videolan.org tcp
US 8.8.8.8:53 119.253.36.213.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

\??\pipe\LOCAL\crashpad_3620_DXVLAXAFTMFFOOEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8187c6438c69f36756422942a750d98
SHA1 31b34196738daf62b713c29df70680db33d2916d
SHA256 abfa7c11e5837bab502eb0797592d0f9186ede5f3ff86da1ceded0f617ab31df
SHA512 d6067a0afb3c281446cc8e3e8fd4e218495e2902e36b05f636a1a7413367710aeb5894d8e3eff60f63899a0f95a05db311d8c2ab8af6c5be256170420972a09d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e05d2e206eacf727bc9aaaf98016549a
SHA1 732bad8caaf1329a84bd6bffac4185a0039dfd26
SHA256 7cdc5ee573bb94495a0090129850646800ac5e7cee41b4d142084bbfd689a9b8
SHA512 9f1481ddb8b6e0a346c80245df1b03f7ff1fcfaa7b9142d4d26d177c60a898ad0fcb16ba266fd7d69f2a68b97428de6ea75af749ce313f84650790bac34ef678

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70af7bea8f36203472b770af51bb6fc3
SHA1 bc93d9f493ab88b05dda4e24b103af7397faa2a0
SHA256 313bcd3ae7953a72fa331340587de526999745d09f5275c7ac34ff68a9e2ec12
SHA512 ab3334281c759818e5a8652ed6b4d03e999965c8aba7f570701b849d0a079ee91ddf593814c55f53cf5707793af6cf4d504930a2bff6fed5b4444a0cee114cb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 fb3b3a463e11c4e5f22da74950411769
SHA1 b53d5c80579ca95dca9eecc57098d6b90d7fd46e
SHA256 582ff394c62eb3bf5fb53274dbe4fa5e2f114d54925191100612c66fdaab093b
SHA512 c0191fa938c5f23a707008b019c20e64fbd97482f63cdf7e4efd8cab35fd4433262b2cefb285f3aaa424ee54acb574a0f681a90dd5862d1517832d2ac2609f29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cd3f61a4f9fcd86dc46b8f2421d60654
SHA1 f317d064cef0d374e8f1a5b67e436a31c0227f2e
SHA256 d5f6830aef91198b77c904f3b14821471b3bc8fa3223d567bd0012d342e8ccb6
SHA512 8d097ecec3d64c0f3e02402eb51afec9f478ab621518c01b0c841868f090ff569d5111a83911efe0c67a610c56128acfe69798cec59e26b1e9d0bd2d499502b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b8f8d6da7358fc24b29853c7412d7fd
SHA1 5c921a1f5138c6105d1c6c4c15b58a1505876b35
SHA256 e9af764c59ed7e813347f1e88267bf8d36aa2a68a5a584b4d6eb25e63b102bdc
SHA512 4caa604af47792f61eff6113163af3a6023eddbbaddeffb9c10acbc071de633ab294f836fb0b9b2b2bdc51f92ed7afbd507147ecacd2a410a7d9e6b57acaa55e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9fe989b830f0955849a5788e2749338d
SHA1 03293c4beb3d8ab9495b248962036d59fbb1c2d3
SHA256 788cdef481914fb7f405aeda5a11586cb8a683efbe8801ba8da095a983c8b4f8
SHA512 6e3414139cf0a53935c5bc7bd78fab46a855a2b9381199b369b6e7c306de939dd59b4a51390d0a8c4a1403a0536a7211372146b5e4ad19efbab4edd4540e2bd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584b9a.TMP

MD5 dcaf8e8b4d048c454715d389d671c2b5
SHA1 6eaa4b196dd9aa7a3bdd0b20ecc228ad13965abf
SHA256 13bd0ef53c251dc4cfed33c35010e72b405559a4ff9c1cb21c9551ba97dda8cd
SHA512 0aef32c1a57366a0add24f59874266c87156cccd47f6c12642004c99e40d388bd2fb38289f050e14abee6c268526e3c8931f20444e18961bbabc24b19383d69d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2dff59d33c78acabc40b97f5a0379fab
SHA1 0da1e11388ef9073957ebc37c0fad3106753e9f8
SHA256 bb226752364004be3ce6c7e39279907d8481493c031be0f74fc0e7c886b1fa65
SHA512 b43ca354207f26a8907b40909ef26e660612ebfaaa540cf89ec14791f6725f912d48fc4efd588e9a6e539e6f00cddbb747807a2b9666f14b98792a787227afe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a9d2756ca56fefb5a249ad63f83c98ac
SHA1 3e405a72f1904f54b2bb09e6ea351fefb16684f0
SHA256 8810f4b8b9bf7c1bdf5f2415823bd871344fea4dd2bed0c297a784617c5c7e06
SHA512 226d4617b031ef0374aae492e1d2ffcb99a92d1987afd73e58aeffd5401e919bab2b076470d3a520f0ff4f24496ef0059a41bdd866710e5a0e39fcafa5f44f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587c40.TMP

MD5 09e52163e2e9328321347680954dc622
SHA1 ef126b83eb0642b58cdf5927c2869b3c7721278b
SHA256 46c71eb43dc12928bbeac881d6dcd282634d84dd729c8ff90069cb976727c132
SHA512 200a2b9251e7e4c535227557cbe79de629526c45a2633c17b2c40f81ceaabed13b26a68f3aa67b57ec03c78640cb760926c7f13ef5d5a2f14aa9560601826cde

C:\Users\Admin\Downloads\##!!s͜etUp_Use_2444_P͜@s$C0DE$$✔.rar

MD5 a38a8fee54eb3744701aba4b0846e9b5
SHA1 365e724d64e0bff266c9812e79430938a68cba61
SHA256 ce537a5213e10276efff84a178d270358a906280a1df8b4da7f1202b1d275cd3
SHA512 ec7d953270eb1741cb7a55fd2568b844af17cbf525e1651e7a16608f55d62855649f7eae68705adaa3f5e59d8b2d94f2f735bf4e3ba4f053cd30e9172e36e784

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c544adfba9ca6ae76da3cb8606fe4be4
SHA1 59b90dcf2d4296500453ea7657ffaa81abfde985
SHA256 4a9caa93b45a3fd5f786d0e356d32ad95bf433e7c8d7d7cfbef647c32e895f9f
SHA512 ad94062e197b9d01f888a48362c9346f7f1dfe66444591ee46abae37c9091b28117185372ce5d321f55f4ef5b0ec355c1c987ef08687c7f5510c8a3c68fca0f8

memory/8012-371-0x00007FF713C60000-0x00007FF713D58000-memory.dmp

memory/8012-372-0x00007FFB50560000-0x00007FFB50594000-memory.dmp

memory/8012-373-0x00007FFB4CC50000-0x00007FFB4CF06000-memory.dmp

memory/8012-374-0x00007FFB47AD0000-0x00007FFB48B80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64dff0a788ae5754f7b66b36d33c5f02
SHA1 ee3e4f3476e6f86c3fa9f47fefd1de4d4ff65dd9
SHA256 b72a4c0691b4e9fedfa2278f872f6177ceba544b875f657e3b28cba1b1afc6cf
SHA512 83b75599be4aecb728a38a102e65b6bd202da55451b0ffed5aab3379873a1b49ad8b4b9ab7fe0e98c1c9265b9d30cc8ebbf785bdf07e3a07726e7d6dabb0957a

C:\Users\Admin\AppData\Roaming\vlc\vlcrc

MD5 7b37c4f352a44c8246bf685258f75045
SHA1 817dacb245334f10de0297e69c98b4c9470f083e
SHA256 ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e
SHA512 1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

MD5 781602441469750c3219c8c38b515ed4
SHA1 e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA256 81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA512 2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 990b8db13df98b620ce23ee699898da7
SHA1 9db73d2eb6b590382b52a663d8f0794184082864
SHA256 2f280fcf73576f85182a318edb52f210c8bac36067c3f17d460ff02ad34a732d
SHA512 293c3c6c6526247d52e1149a19581b024a33ebd4e90b7822b825c1ab2a662a4d12460eb119bdf4b8edde192382f7643313bda3ac7211b2aadcc075cd7134ba42

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 56272e9c62878c114c1d09f9f25a0183
SHA1 fb040626575bca1acf27b001f02ecd47a37da34e
SHA256 c02a4bd0bc5e2711a27b6440fe6c9760442b3d209e8a9b213ef50607cb20c90b
SHA512 7a4aa4628a7b59ac5f17c8e8ebb893e8c88da8ba67fc09ad013748cbd82bf0363735593341bfe65498108f7b140520242f996d884204e0d61d502f118004d870

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5c49867e302af91f51b28d12edcf9052
SHA1 e2c174048d1ff15a68caf2dd5f49141f14e8da07
SHA256 a2e047079810cc2bc3c05995cac24232d1b283007160c8b9058dd94b26a21d5d
SHA512 009e3d3edda0754b89c42d10b85a01fdc0ac6448753a027fe6f443a21e5391af7d71cd371cec97bf5621467f4016dcb8c28f76f1d64140747deaf9b3ebea047a

memory/6860-430-0x00007FFB4D920000-0x00007FFB4D954000-memory.dmp

memory/6860-432-0x00007FFB4A8A0000-0x00007FFB4A9AE000-memory.dmp

memory/6860-431-0x00007FFB4B780000-0x00007FFB4BA36000-memory.dmp

memory/6860-429-0x00007FF713C60000-0x00007FF713D58000-memory.dmp