Malware Analysis Report

2025-03-15 04:08

Sample ID 240827-h33rasyfmg
Target .
SHA256 5997ccc2847d0f1d63ee84ad5926acb98616d342f17b890f205a3c3005551242
Tags
discovery motw phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5997ccc2847d0f1d63ee84ad5926acb98616d342f17b890f205a3c3005551242

Threat Level: Likely malicious

The file . was found to be: Likely malicious.

Malicious Activity Summary

discovery motw phishing

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies registry class

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 07:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 07:16

Reported

2024-08-27 07:46

Platform

win10v2004-20240802-en

Max time kernel

1800s

Max time network

1784s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Bootstrapper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bootstrapper.exe N/A
N/A N/A C:\ProgramData\Solara\Solara.exe N/A
N/A N/A C:\Program Files\nodejs\node.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\custom\zalgo.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\remove-listeners.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\clean.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\lib\factory.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\are-we-there-yet\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-dedupe.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\common-ancestor-path\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-exceptions\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\safer.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\LICENSE.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-exec.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\remote.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\index.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\registry.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\strip-ansi\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\sign.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_vcproj.py C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\color-support\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npmrc.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\parse.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-pack.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\node_modules\glob\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\agent.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-dist-tag.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\with-temp-dir.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\callback.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\minimatch\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\ideal.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\HISTORY.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\oauth.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\issuer.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\virtual.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\mkdir.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\move-file\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\query-selector-all.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\util\array.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\is-windows.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\read\lib\read.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\readable-browser.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\ignore-walk\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\depd\lib\browser\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\stripComments.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\mode-fix.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-pack.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\tag.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\write-file-atomic\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\promise-inflight\inflight.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\debug.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\rebuild.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\conversions.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.tests.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-team.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\max-satisfying.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\type-defs.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\read-json.js C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA613.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA643.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID279.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9D36.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9CF7.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE15.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5899ce.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5899ca.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA3C0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICEDE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5899ca.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9D56.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIADE5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICCF8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICD85.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wevtutil.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000624c7b65d7e4da012283bae9e0e4da01a717c36051f8da0114000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "7" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 267796.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Bootstrapper.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wevtutil.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3204 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3204 wrote to memory of 1832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8

C:\Users\Admin\Downloads\Bootstrapper.exe

"C:\Users\Admin\Downloads\Bootstrapper.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding EFE0BB9444D5EEEEBDB406D6CC43B475

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 999295F7B3869267188DB05A45C1D005

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 899F24A3AA3B50431775BEA518A623BA E Global\MSI0000

C:\Windows\SysWOW64\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"

C:\Windows\System32\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 0b8c8dd0495a44ee

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16542576674533620028,4290335487510627154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
GB 92.123.142.185:443 www.bing.com tcp
GB 92.123.142.185:443 www.bing.com tcp
US 8.8.8.8:53 185.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 getsolara.dev udp
US 172.67.203.125:80 getsolara.dev tcp
US 172.67.203.125:80 getsolara.dev tcp
US 172.67.203.125:443 getsolara.dev tcp
US 8.8.8.8:53 125.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 getsolara.dev udp
US 104.21.93.27:443 getsolara.dev tcp
N/A 127.0.0.1:6463 tcp
US 8.8.8.8:53 27.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
US 8.8.8.8:53 clientsettings.roblox.com udp
GB 128.116.119.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 24.19.67.172.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 www.nodejs.org udp
US 104.20.23.46:443 www.nodejs.org tcp
US 8.8.8.8:53 nodejs.org udp
US 104.20.23.46:443 nodejs.org tcp
US 8.8.8.8:53 46.23.20.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 c6ff8eb7.solaraweb-alj.pages.dev udp
US 172.66.44.59:443 c6ff8eb7.solaraweb-alj.pages.dev tcp
US 8.8.8.8:53 59.44.66.172.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:80 file.io tcp
US 45.55.107.24:80 file.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
GB 18.245.218.91:443 www.file.io tcp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 91.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 42.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.io udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 104.22.47.142:443 hb.vntsm.io tcp
US 151.101.193.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
GB 143.204.176.17:443 cdn.exelator.com tcp
US 8.8.8.8:53 142.47.22.104.in-addr.arpa udp
US 8.8.8.8:53 163.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 mydmp.exelator.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
IE 34.254.143.3:443 mydmp.exelator.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 8.8.8.8:53 load77.exelator.com udp
US 54.237.163.72:443 onsite-tag-logs.apps.nielsen.com tcp
GB 84.17.50.8:443 load77.exelator.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.120:443 id5-sync.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 17.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.143.254.34.in-addr.arpa udp
US 8.8.8.8:53 27.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 8.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 72.163.237.54.in-addr.arpa udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 173.222.211.8:80 apps.identrust.com tcp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.edkt.io udp
US 34.120.111.33:443 cdn.edkt.io tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 track.venatusmedia.com udp
IE 3.248.98.103:443 track.venatusmedia.com tcp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 8.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 33.111.120.34.in-addr.arpa udp
US 8.8.8.8:53 34.189.245.18.in-addr.arpa udp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 54.70.103.160:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 8.8.8.8:53 103.98.248.3.in-addr.arpa udp
US 8.8.8.8:53 160.103.70.54.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 script.4dex.io udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 147.75.34.177:443 prebid.a-mo.net tcp
US 172.67.75.241:443 script.4dex.io tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
NL 185.89.210.244:443 ib.adnxs-simple.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 190.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 177.34.75.147.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 x.bidswitch.net udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
GB 23.36.168.202:443 ads.pubmatic.com tcp
US 52.71.88.198:443 sync.srv.stackadapt.com tcp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 142.250.75.226:443 cm.g.doubleclick.net tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
FR 142.250.75.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 202.168.36.23.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 198.88.71.52.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
GB 13.224.222.101:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 92.123.140.19:443 player.aniview.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 54.90.152.160:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
DE 37.252.171.149:443 secure.adnxs.com tcp
NL 81.17.55.123:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 168.119.72.236:443 sync.richaudience.com tcp
US 52.2.98.215:443 api-2-0.spot.im tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
IE 34.252.6.15:443 match.prod.bidr.io tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.78:443 sync.aniview.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 ap.lijit.com udp
DE 168.119.72.236:443 sync.richaudience.com tcp
IE 54.194.101.55:443 ap.lijit.com tcp
IE 54.171.130.238:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 101.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 19.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 160.152.90.54.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 15.6.252.34.in-addr.arpa udp
US 8.8.8.8:53 215.98.2.52.in-addr.arpa udp
US 8.8.8.8:53 159.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 bttrack.com udp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.68:443 bttrack.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 55.101.194.54.in-addr.arpa udp
US 8.8.8.8:53 238.130.171.54.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 172.67.19.24:443 pastebin.com tcp
GB 128.116.119.4:443 clientsettings.roblox.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 7c1810ecfebdbc4a9d35bd318beb5ff0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 api.edkt.io udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 static.criteo.net udp
FR 142.250.179.65:443 7c1810ecfebdbc4a9d35bd318beb5ff0.safeframe.googlesyndication.com tcp
US 34.120.111.33:443 api.edkt.io tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
FR 216.58.213.66:443 ep1.adtrafficquality.google tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
IE 54.75.251.201:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 34.120.111.33:443 api.edkt.io udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 cdn1.vntsm.com udp
FR 185.93.2.246:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 66.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 201.251.75.54.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
TW 64.233.187.120:443 csi.gstatic.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
TW 64.233.187.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.251:443 gem.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.121:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 120.187.233.64.in-addr.arpa udp
US 8.8.8.8:53 251.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 121.87.235.185.in-addr.arpa udp
US 45.55.107.24:443 file.io tcp
US 216.239.34.36:443 region1.analytics.google.com udp
FR 142.250.201.163:443 www.google.co.uk udp
NL 89.149.192.192:443 www14.smartadserver.com tcp
NL 147.75.34.177:443 prebid.a-mo.net tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 92.123.140.113:443 ced-ns.sascdn.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 apps.sascdn.com udp
US 8.8.8.8:53 euw1.smartadserver.com udp
GB 92.123.143.83:443 apps.sascdn.com tcp
NL 89.149.193.96:443 euw1.smartadserver.com tcp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.178.134:443 s0.2mdn.net tcp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 113.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 83.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 96.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 81.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 134.178.250.142.in-addr.arpa udp
FR 142.250.178.134:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
GB 92.123.142.195:443 acdn.adnxs.com tcp
US 8.8.8.8:53 195.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 216.58.214.162:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
FR 216.58.214.162:443 ade.googlesyndication.com udp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 89.149.192.192:443 euw1.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
NL 89.149.193.96:443 euw1.smartadserver.com tcp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
FR 217.182.178.225:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 apps.sascdn.com udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 euw2.smartadserver.com udp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
FR 5.196.111.65:443 euw2.smartadserver.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
FR 142.250.178.134:443 s0.2mdn.net udp
US 8.8.8.8:53 225.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 65.111.196.5.in-addr.arpa udp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
FR 217.182.178.225:443 euw2.smartadserver.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
FR 5.196.111.65:443 euw2.smartadserver.com tcp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
US 8.8.8.8:53 194.18.217.172.in-addr.arpa udp
NL 89.149.193.81:443 euw1.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
FR 217.182.178.225:443 euw2.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 apps.sascdn.com udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 www14.smartadserver.com udp
FR 5.196.111.65:443 www14.smartadserver.com tcp
FR 91.134.110.129:443 www14.smartadserver.com tcp
FR 142.250.178.134:443 s0.2mdn.net udp
US 8.8.8.8:53 129.110.134.91.in-addr.arpa udp
FR 91.134.110.129:443 www14.smartadserver.com tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
FR 217.182.178.225:443 www14.smartadserver.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 178.32.210.226:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 226.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
FR 178.32.210.226:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 178.32.210.226:443 prg.smartadserver.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 178.32.210.226:443 prg.smartadserver.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tlx.3lift.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
NL 89.149.192.193:443 prg.smartadserver.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 apps.sascdn.com udp
IE 54.229.112.66:443 track.venatusmedia.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 www14.smartadserver.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
NL 89.149.192.240:443 www14.smartadserver.com tcp
NL 89.149.192.65:443 www14.smartadserver.com tcp
US 8.8.8.8:53 193.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 66.112.229.54.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.192.149.89.in-addr.arpa udp
NL 89.149.192.240:443 www14.smartadserver.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.178.134:443 s0.2mdn.net udp
NL 89.149.192.65:443 www14.smartadserver.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 142.250.178.130:443 ade.googlesyndication.com udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
NL 81.17.55.98:443 www14.smartadserver.com tcp
NL 81.17.55.98:443 www14.smartadserver.com tcp
US 8.8.8.8:53 98.55.17.81.in-addr.arpa udp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 89.149.192.193:443 www14.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ib.3lift.com udp
GB 18.245.187.73:443 ib.3lift.com tcp
US 8.8.8.8:53 73.187.245.18.in-addr.arpa udp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 89.149.192.193:443 www14.smartadserver.com tcp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 apps.sascdn.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 89.149.192.240:443 www14.smartadserver.com tcp
NL 89.149.192.65:443 www14.smartadserver.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 32.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 89.149.192.240:443 www14.smartadserver.com tcp
NL 89.149.192.65:443 www14.smartadserver.com tcp
NL 81.17.55.98:443 www14.smartadserver.com tcp
NL 81.17.55.98:443 www14.smartadserver.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 89.149.192.193:443 www14.smartadserver.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 142.250.178.130:443 ade.googlesyndication.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 224.178.182.217.in-addr.arpa udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
FR 217.182.178.224:443 prg.smartadserver.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 142.250.178.130:443 ade.googlesyndication.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.32:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
NL 185.89.210.46:443 ib.adnxs.com tcp
FR 217.182.178.225:443 prg.smartadserver.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 217.182.178.225:443 prg.smartadserver.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 142.250.178.130:443 ade.googlesyndication.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 69.166.1.9:443 apex.go.sonobi.com tcp
FR 178.32.210.227:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 227.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 9.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 69.166.1.9:443 apex.go.sonobi.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 178.32.210.227:443 prg.smartadserver.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 178.32.210.227:443 prg.smartadserver.com tcp
US 69.166.1.9:443 apex.go.sonobi.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 178.32.210.227:443 prg.smartadserver.com tcp
US 69.166.1.9:443 apex.go.sonobi.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 69.166.1.9:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 185.89.210.90:443 ib.adnxs.com tcp
FR 178.32.197.48:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 48.197.32.178.in-addr.arpa udp
FR 178.32.197.48:443 prg.smartadserver.com tcp
US 69.166.1.9:443 apex.go.sonobi.com tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 178.32.197.48:443 prg.smartadserver.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.9:443 apex.go.sonobi.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 178.32.197.48:443 prg.smartadserver.com tcp
US 69.166.1.9:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 177.25.132.164.in-addr.arpa udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.177:443 prg.smartadserver.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
FR 164.132.25.177:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 185.89.210.82:443 ib.adnxs.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 112.55.17.81.in-addr.arpa udp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
FR 164.132.25.176:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 176.25.132.164.in-addr.arpa udp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.176:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 164.132.25.176:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.176:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 164.132.25.176:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 178.32.210.227:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 178.32.210.227:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 178.32.210.227:443 prg.smartadserver.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 178.32.210.227:443 prg.smartadserver.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 81.17.55.98:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
NL 81.17.55.98:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.141:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
NL 185.89.210.141:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 81.17.55.98:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 81.17.55.98:443 prg.smartadserver.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
NL 185.89.210.141:443 ib.adnxs.com tcp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
FR 178.32.210.226:443 prg.smartadserver.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 64.1.166.69.in-addr.arpa udp
FR 178.32.210.226:443 prg.smartadserver.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
FR 178.32.210.226:443 prg.smartadserver.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

\??\pipe\LOCAL\crashpad_3204_XJSVRIPXVTWZFPJI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79974b7decc2be7b59e7c7f3223dfeea
SHA1 800eb79047d734757419e370aa8b714c329f4499
SHA256 38835f1b1688691becf8242705d125e0db39d7730094a989674c5a1fd3177490
SHA512 4a306f2993e81e0af27ccc4f088b14d20523e801ba34726599aec8ba89b7e1197c462509c315bc09b55e2888231c454a7a35ea0b63838e52cef6794f38d53eab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3bce2c7ac18e19288a8b27e30d9b9a33
SHA1 4cf8a10ea473758c7e3e10ad3677ada71dea0c82
SHA256 0ffa3a1666b7f168e6fac453000488c92a3800a6e8834bbdfb2bc55a44fad981
SHA512 0f0a305a0d9886f7cb8eddb11ec29be6397d5ea4d62a977e203118c8415b1b4f03971a77d908cd8900de76591082b7458de1f6936661a3c062233fad56610cde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b87052a21a9e81afe4a56275622798f
SHA1 05df010add4086739c2a06642b55ef81ec424e9f
SHA256 342ecda06147c9825c2d33fff23057b32f6c8317f75ce1bafdd8201eb3813040
SHA512 9fc6a5976d395e0f1e40d9093efaebf14b4d558805b9c91a96b19351add79d35ac800595085c2bebf21a5221f1b5814ace859818f21a7f1e5972302e239b6b4e

C:\Users\Admin\Downloads\Unconfirmed 267796.crdownload

MD5 4b94b989b0fe7bec6311153b309dfe81
SHA1 bb50a4bb8a66f0105c5b74f32cd114c672010b22
SHA256 7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
SHA512 fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

memory/4528-98-0x00000190209D0000-0x0000019020A9E000-memory.dmp

memory/4528-100-0x000001903AFB0000-0x000001903AFD2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 37478be014f1ad51b0c00ab60d32e4cf
SHA1 8d854f2902a09050259beb12a287e115a9f5c91f
SHA256 be3dc1b9f54b61c7922356dec55fa19e63690cc2c0a282480a8c0c855018c163
SHA512 cdfc8fe1c941b0ea91c2d006ee6fcf9bba81f7c37236e5d4270985f0a2e3253936cd71f78292a5cbb0171303a87ae05458e5c89a4c12dce804d8cc27df81842d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5c92258848d9ca33de8700fc04647b1d
SHA1 eadcb10411e84baeb961c16111f6fc1ed03a9142
SHA256 7db992da95bb51a60b544d643b3f6c5ddca426f8c6262f20a7b855a3f647b266
SHA512 5b17ab60a1e23b9010a7e49d4ab1b5cb3f467a33ac33dcfd2ca28a1f91915134a466249fddc67355e092d3319359aecee183d4d651efebf8c85c1d456cc6821f

C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

MD5 0e4e9aa41d24221b29b19ba96c1a64d0
SHA1 231ade3d5a586c0eb4441c8dbfe9007dc26b2872
SHA256 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d
SHA512 e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

C:\Windows\Installer\MSI9CF7.tmp

MD5 9fe9b0ecaea0324ad99036a91db03ebb
SHA1 144068c64ec06fc08eadfcca0a014a44b95bb908
SHA256 e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9
SHA512 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

C:\Windows\Installer\MSI9D56.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Windows\Installer\MSIA613.tmp

MD5 7a86ce1a899262dd3c1df656bff3fb2c
SHA1 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541
SHA256 b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c
SHA512 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

MD5 b020de8f88eacc104c21d6e6cacc636d
SHA1 20b35e641e3a5ea25f012e13d69fab37e3d68d6b
SHA256 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706
SHA512 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

MD5 d2cf52aa43e18fdc87562d4c1303f46a
SHA1 58fb4a65fffb438630351e7cafd322579817e5e1
SHA256 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0
SHA512 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

MD5 7428aa9f83c500c4a434f8848ee23851
SHA1 166b3e1c1b7d7cb7b070108876492529f546219f
SHA256 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7
SHA512 c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

MD5 5ad87d95c13094fa67f25442ff521efd
SHA1 01f1438a98e1b796e05a74131e6bb9d66c9e8542
SHA256 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec
SHA512 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

MD5 d7c8fab641cd22d2cd30d2999cc77040
SHA1 d293601583b1454ad5415260e4378217d569538e
SHA256 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be
SHA512 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

MD5 bc0c0eeede037aa152345ab1f9774e92
SHA1 56e0f71900f0ef8294e46757ec14c0c11ed31d4e
SHA256 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5
SHA512 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

MD5 f0bd53316e08991d94586331f9c11d97
SHA1 f5a7a6dc0da46c3e077764cfb3e928c4a75d383e
SHA256 dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef
SHA512 fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

MD5 072ac9ab0c4667f8f876becedfe10ee0
SHA1 0227492dcdc7fb8de1d14f9d3421c333230cf8fe
SHA256 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013
SHA512 f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

MD5 2916d8b51a5cc0a350d64389bc07aef6
SHA1 c9d5ac416c1dd7945651bee712dbed4d158d09e1
SHA256 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04
SHA512 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

MD5 d116a360376e31950428ed26eae9ffd4
SHA1 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b
SHA256 c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5
SHA512 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

MD5 1d7c74bcd1904d125f6aff37749dc069
SHA1 21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab
SHA256 24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9
SHA512 b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

MD5 e9dc66f98e5f7ff720bf603fff36ebc5
SHA1 f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b
SHA256 b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79
SHA512 8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

C:\Program Files\nodejs\node_etw_provider.man

MD5 1d51e18a7247f47245b0751f16119498
SHA1 78f5d95dd07c0fcee43c6d4feab12d802d194d95
SHA256 1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f
SHA512 1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

C:\Program Files\nodejs\node_etw_provider.man

MD5 d3bc164e23e694c644e0b1ce3e3f9910
SHA1 1849f8b1326111b5d4d93febc2bafb3856e601bb
SHA256 1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4
SHA512 91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

MD5 db7dbbc86e432573e54dedbcc02cb4a1
SHA1 cff9cfb98cff2d86b35dc680b405e8036bbbda47
SHA256 7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9
SHA512 8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

C:\Config.Msi\e5899cd.rbs

MD5 0a761f1d915cf56b79d7b78457d94a73
SHA1 659220124a3ee298d67e85abb7f125172628ca35
SHA256 08d59220ab9eecee842904ae76a97769770d0c243b7265864ff6e8119301a7b0
SHA512 57d579ab0c60de68a93aa0af8c78aeb688025a5657bbf856026c086e0f2d663e7b438e6d08cd49da413627c249222bda4b8f929ab9d275bb92e3ea17aad7271b

memory/4528-2525-0x000001903B1F0000-0x000001903B1FA000-memory.dmp

memory/4528-2530-0x000001903B270000-0x000001903B282000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 becc79fc312d256aa78e73af57847e52
SHA1 4fa05efd6ef149f1c623627e0c89970c4d3dbc2c
SHA256 dd5459b94cc7b282ef36cc14b260b44d401d4a3cc676bc9d0eba24613a2e3b42
SHA512 253cf2c037cd4b9c6458390f3de61a444281d4219e66e9aa6c060507c9c3fe04f200b03991106c2a76c1fb644bf658ecd6960f342cc5719dd28e07e272b0824e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 72a46af0bbb9e37f111b4aaf491d83c8
SHA1 1514a4000719d31ae6c8674aea250c176d477a98
SHA256 31e014fd7041ce932e81c3726ed0dc2b9f6632d2d47426c1e7ae0c956193a231
SHA512 9d2f7f2d52238656094719731860e5b4b9f8e004f69f4456fede089d523101bdd10af01c66ced6bf5715981d8642c076d64788154a8c669d412f9e2c4d8426c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 71d6b64b33e1c83e2a7716b5951c40a3
SHA1 6507aa3115c0cbb20456c33a24d71629b8515551
SHA256 d505b9cb83986f2fe61e4143f3af8e540745e6b1b8276921afa3224d1f51e4f6
SHA512 5268b3489f051e327a0628d89cc807d534fd1b558e093553b4a3b5ed2cfd9d919654cda3b645d6828de8ddc8bb3b7134ed3ee71d35077e3f7dd7103a3dd85228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590b60.TMP

MD5 661760f65468e15dd28c1fd21fb55e6d
SHA1 207638003735c9b113b1f47bb043cdcdbf4b0b5f
SHA256 0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e
SHA512 6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c81bdc80-7385-46eb-ba3f-72742dc4ca90.tmp

MD5 412244f3a3f46f5fe8ff074d713e7814
SHA1 98bd287b508629200db7dbd29cc46072701b93a5
SHA256 e50a001a8aec266d35a63111d57d446dd700fd996dade05dbb107372f1e4c1da
SHA512 d03013ada4e70b5355ac5c88fa65c1128b08de8cecb2acaf040e489bc61db47ed88bc81a7142ea08eac7fb7a40cd8b1868bb3a2a078845ae20035dc85ec8010f

C:\ProgramData\Solara\Solara.exe

MD5 ddfdd5ff817b39f037284d2f900de407
SHA1 8540c39f3c0d133ae7a41581a74183bb887f8363
SHA256 3bb95ce8e49260a0ad856feb3bc79fcb0ca94c866c8694c7e302f087e8b712aa
SHA512 18bb853a124c336870caece45e115c0865f9ce9e7ce3d6e994e9c8ba9789eaf8d6fc77aa17289531920ea8aef36311fa03405965aba0d5fdf4ec251c5dee778f

memory/5220-3085-0x0000020F78790000-0x0000020F787B4000-memory.dmp

memory/5220-3086-0x0000020F7B300000-0x0000020F7B83C000-memory.dmp

memory/5220-3087-0x0000020F7AF70000-0x0000020F7B02A000-memory.dmp

memory/5220-3088-0x0000020F7B030000-0x0000020F7B0E2000-memory.dmp

memory/5220-3090-0x0000020F7B840000-0x0000020F7B9AA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 909cb66f8db14e2b822d63c67e7cd263
SHA1 8dbeabaec7e080b749fc3964ae21b9c6e06bfab2
SHA256 1a6610fb5e8eb50c033da78a71f662fcc435e875745c084d0305a7141decf2da
SHA512 6166915db8409a0671614769072016b4db2a5b870a76e7a6cf0ab1ba76b303ef93c43fb24d0c5db025924f3971f9e9f2fd8edfe06a7e6ddd92b39582e23a9781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 14da4bb5d305368b317b34f42a83e2e0
SHA1 924e700ae652da205dc6bce665869332ed50db94
SHA256 486cc333099411cf104d7ec62790f3c680bb01d7a3386a487743e46a7577f8e8
SHA512 4f36cc5668272804899bf7ef829a3c9b2d5c63900a90341745e2554c52ed19bae5598a32a2db63b9cb0294783087909d768c82c5f5256c822df6ce47dd67305a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df3abcf7-e027-4fa5-ae09-7764f409702a.tmp

MD5 f442bcb7b3610541ba137dc5ed3677c0
SHA1 52eae44f7cececffcc5934625f4a46b1bef2e637
SHA256 69892414d86c8996a19c8f483885c7c929774ec9b53d66126846ce32c0796024
SHA512 b35ff30a383273a0bf78628c8314f47ba0e6975b64c9dbc069e3aa303922d4e51c2034dac1815c8229a347d14cfdebbac39128796f3024769932cefa2f15ba1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fad70a5802b0bd965f8fe1bf92e18ad3
SHA1 4af3d045dbc675dbc35c8ef9d9165cd3c9ae7755
SHA256 bb8bee5f153f9532e88fc6cdfe9b945fe401e181a19cd2a43507d29e850ba563
SHA512 d99f01d3e3dca6540346ae6df4dcb269ce54717cdee3559145cd6ae14010d12d6834d76e7c6433ad19e32faf407e9b6c6090785563a44a7033f7b2cdef898ece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 648b0af0a3641cfeace38865c7c57715
SHA1 73f0dd74b177a5a128774043018e707da45b327a
SHA256 864a9b037414844eb1a594c1fdac3c0c94ae47e654268aa5273a1c522ec64dfd
SHA512 737e8bccefa94bd976950e7854621204b1e37d0026f26c2da75b9a48a90fa5a256e951a2281830f45c7689e42b15c6f02dbbef70ef620db0e3e9a365a008145a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 60878a552bbdacd4d801027ddc7bbac9
SHA1 20fcde5669d562f5d00847755c77b4d8e4067bb0
SHA256 6e0b4e4a31c6f3cbcffd440e4631bef390e444315097fc5a96676d7115a76514
SHA512 5b87f74bdc3319cb99b89a2ad3fea8db6ae9ffeb35fbd7082ba573453b6afed028130d1999d3fb1113f6ccb1dd0ff1bd4af0ab6a314e7278978aedf0943e23ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef671c5b64cf6830520d9405ed281e1d
SHA1 b5e16bf307d117a788edb2abe476b0be9d1fef42
SHA256 6b96d6042aa35ee73b2123745cea168d6c8bcc40c184409f3de162d5ef35db63
SHA512 e726bf4611ca793d67948d28068757f94ed2d3f2e9f775d6f320c1d64a872c037943c50adac3113b38f71a28d8bbdfc47a28c9cbc027ccf2fe7afbce319f49ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 681684b98337ff2d590ec8145f8f95d4
SHA1 a3d12dd3e20be6520c06bda3c188ab58478370e6
SHA256 6ed6c1fd7cf2572a27b0de9b5797bda243394eef1cce39c5583b9aa8e9b6ca26
SHA512 0743b836ce01b920723eb59e79ceffe2a068ec1dfb55523ac7850ebd9c432788677f0327c9ce8b27aa60d9d8e9294b08bdda53c20651f38f1cb0be073a859a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6fe3fcb7327778486781a56f5f25a5a6
SHA1 c0da669afd37e4950584d5d48abff280c23f3be3
SHA256 d414e85345ecfa0bebab1ebd785b7b3695601c44e9bc4e2211cb4870a9c5f2af
SHA512 b9e65c65bfd0c4b039c81cd7fa24486620eff68782edeffea14d3efef5852ca09aaa2b26eb718c3ffaa80ac100846726d1d5b6fac43f85944258ec1825a80712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 93b6575e41e26d335de5cfba2f69176a
SHA1 2cc32d74f38c277836884330fd6e9ce9928ae754
SHA256 ac3eb91b038b27cb11538a7cb1a6a28c0351058458bb78c3b74559fe15d3f4b3
SHA512 f8de82efabf6e8c5348817ffd420f1c5603ffb815f094492a0fb3758f0e2a633483999eac7dace74feec4a96f0fb645b8d731cd713993215898a11e4ac44593a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 230ab95d87a717be265134072eb17c25
SHA1 71a3d3dd6f952057ba0c6025d39c9792ff606828
SHA256 3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068
SHA512 9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 e93848e7f29b9126e8c2ed6b0bc630a7
SHA1 10c9807e351a13104c0ee913fe7002f6324199d6
SHA256 4e857dc011248d1ccd8fcf8972714cccc44d7045e0b9dcc18e663b2d754e4bc6
SHA512 54c9b845fef1dacf236f88e7a7de0d1b36a4a4bd20eb926d81ccb6a3f8e7ff78c04ea24fe757c677a2007249713dde30dbb18edefad38d0ad6888d61aa14fca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 9b9cca078069425aaa63f1086b92330b
SHA1 0078f84235027a570801e0b9731682b7dfcd3080
SHA256 29019948065649db2327927225c07c6bb220b3c0775fe0d0476e12ad3a5f9503
SHA512 0b1b2bde9b39cc9bb4253cc34ffcdd8a0a707bccfd8dcb2c752fe2b74f2ff60777084bb55392fe59f81fb63bf6d934266e29e138affb1d5c7ffb908a7a96ee97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 ae1521b4a8ba6eff65fd2e89f6501af5
SHA1 1f286652addedd3cee2eddeda3a201a447167cc3
SHA256 7587198d79deef3ef5b9012d300f7ef9807ccd36e830fc1c8290113726da3e6b
SHA512 96dd9191f8c52b64d266bcdd381d8ca9541c21908d3951f5faf656897cca650df579b26fed4cd910ee010570e8c4cad17e788d81550c41af0b51eec3e6d7f6d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 8ce4f30cd023fed9fb478fa430a17a39
SHA1 2ade3f74795174c5580ddb6ceac14daa4b3de212
SHA256 8eb84c730e5c5bdb759ce142a7a2605cddc6f8057aa4eb025591375868b4b833
SHA512 606d26324e803db60d70c3940071c3e8d4af0075ce8fe00d6547014b5c95552739b6ca9977426622ef92679c18045019eaba6387612dc80d6b1fbf75f8910dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 aedf50f6fc0accd5fd25ccaf5dd2eff9
SHA1 23463a3bcc1e21f72113c1142920272917439017
SHA256 bb888aa70ecdd34ceb9b9117d6c613566ed08d8367ccf0f2a7a4aafe7d732a41
SHA512 a5c7f818d3d68664b9a4c4199d62dcba9575afd7b537cdc18c54736ad8fcbd429fd6e430ad5e7f5d5b29d5c48aa1c1063a42c34e4edb0c8178e20b022451a102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 dd508008d4aacf06ec17af92bce37d3e
SHA1 f2b318fa118c65939c6ae623dbc80dacd3d1f2b3
SHA256 d720b84f23eda4a7f83020bf0a13131b7a618a695bc890a7690088d28af639c9
SHA512 bc1f26997b5ffb75fc7c1aec2d75f2f8d4545f6c631f730160e87bd32b3e04ca82bd29cd8df4afaffc38b561f2f4e61d857e93c33fee7abfdf72f2479085677b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cdb371858b8dd94c1ac62e1c7ea11b3f
SHA1 f6309fbc7dff639031d96f5e4c793a28ecdf6d3d
SHA256 6b4c8fb22e4734c77e8cd4cff8a0567d0e70963608c18f3d09debba046f2c281
SHA512 07f0cf9d550cd3f4ba5937fa814c4f4b8994ef1d6d886b7e6c33fa5c6b49c524071828ca3077b2a2d1f5ebff4832c2f6c3b97645e83de4397917b83ca5bf3196

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21860378f362cb34_0

MD5 32856fd69d15eae9d85b20401cb2891b
SHA1 e0f45b22c44e1c396ddcfb15c035895312388956
SHA256 22d714353139210a7364e115f231218a9af0a91b83df4b8a6353480426f354a6
SHA512 096b962c440d4225e65c4e5d355234cf2aea82c0c531c66a088e9d84d737e999922611f8d596ceb336d815d95b51a0deb9b906b76b4040ee3a7ba6143496453b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb837a8a891343f5_0

MD5 1f14a5933fd2fd9299ce148ad42bb1b8
SHA1 df4d7a427bbabffebb8a4220e8df4aed49756837
SHA256 19d0923bc301505c39edfaa97c85839ad1edcda9536ba7fc4a991425295ba05c
SHA512 2831f21ec58c64076fb47aa8478521c10cf67f9da270019fb84603d7be398b9d431cf7d0e33c3bc31202b872c8b246591c28c8e2781bde704b9fd3f29bb94550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d175429a11916275803441f8b51a619a
SHA1 094a0eb1ba226a7ee166c5301eeb876cc4959ae6
SHA256 85e8792f340fd034343c83b8e948bd28bf58385794d7346a67f232adaa26e264
SHA512 6e3b1078ae055f3a3918a9c124e0be066cd076db597f0d8c2bd0f8de48101eab805c6cae5019cdc0142f93c6c72668ac014798477e73057b6ee4071303906062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efcc4770f74da3b1_0

MD5 f420365a73189afbfff2835852855262
SHA1 2273629751c96e85129aeb7a1c417afe981b8825
SHA256 d8d7f1559ea514ece6c5726f36bc6ce30c9e0332de9756ec15884392e30eba75
SHA512 69fce7b7356d1be94624e5c6c4f4a527c06037541e407c218ad576e758fda6cf84483fc51ebb538b9282d180a9f4cfba33f2d39c9228a1175ac188f8dde33c1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f61a6913520d4f69_0

MD5 d0e9ca3cc5db1d9979efa8e39367995c
SHA1 d1f2c0a56b1815a4459bfc8e5ba01ee705231f8b
SHA256 a65852105eab5faefdb28f231ca8875afaedd6960d9ae2faec61cb7f8dac6f18
SHA512 804d587fed9d207bdbd439d07d406808a34a4fac2edc7adcef8c8f2005e6baee18a6e0bee3fcc1a7a26c325b24f7c575fcf0aa8b42f4e87e64cb804fc6ac628a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8639827639832ac2_0

MD5 bc9100e119747d476a9f9fb10ec1690c
SHA1 5158c3e39df6d51e1473efb51cb155ffea37da19
SHA256 dd26e04a649c436e5abc62dd2161b36cf55f947a337107853ac9f9e2ee1ed81b
SHA512 c54dcac70c446df8d0239134d62c3386d9771adb30cf73e194555f718b09a2794765b3099ad80a3351e745cd042eac9fca3272a06052d78ab3057e15be246b32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5477e535e53740a2c7625c43e1c3294b
SHA1 14d09ab95ebfdca0eb93b2ebe79c198bc57accec
SHA256 1007367aec5b58ac416808d112d9392098d0afb6784e3b879028cfe8cdd0824f
SHA512 2df7a4a1dc2b6ff1b12a984121e28cc9a668dc248f1fb544739a12338a417376f8aa31e13a6e26406d0517e2a8ab6834d4895c60a16d43067ff772b3d6303f79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dab7477a9524ed01_0

MD5 6c9bac3b675d20d1bd64787f629e1b91
SHA1 ded62c40e8627060d5ae9e79ce8bb9ef8a0f4bbd
SHA256 e6daac8c976d16c0efb2d4a4d7ce89123a87f6b95db95362f932a3c479eb938d
SHA512 3a974bc2407ad7ec5c8c8d843b32e99bbb546fef707421260fb0cee137644eef9d72a0a93ef0bb825e9f949deb6198560233d4999b52b30cdf6f34bd81fd0acc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d2db31610c17423_0

MD5 863928b8e25f4290f6b2ab2436b2d121
SHA1 f32ff2e04c425d45026ded3fbf15e193aebf2349
SHA256 23b9e320bbd53407dca86c17a6fee7702121638eed04dbeab5b060b3dccd0ad6
SHA512 bcff27e57686e6d605890b069b3e9eac7f4cf3c7c98be3476112edc3c155b2d4cdd781aa66c046881f259e0519cecfd27be9d891ca97aa05bf2fd4f5c6b72d00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b0ce29730ff10fde33aca46fa9ad802
SHA1 9f2e38f5b7b42f397ad0561a5ea87598d3ad7603
SHA256 5849e2640feb560451614c22872e494db907128abeec1cfc58e716118b92f21f
SHA512 c07b048d3f8b1da46001ce4804b350ae1fa59f4fd228b96b6b81efdd6ad4ca998a280eb245ea580075f63ef3fdda4b226376b76f431ce6a1fce366f814281b18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\afd627069fb06aa9_0

MD5 a8a0ef78cbe6210640c1a89904dff745
SHA1 2af3832b3e5a0f96e5505bbe3e95f3e5b35ca4c5
SHA256 b22bec0051cb111c1ed9cb0703fec716782440c3a6aa029f7d6dfc0ef8ac100d
SHA512 ef0f5bd37add6c0f511a337493abfdf85557bd8d70f92494c8d9279f8d8c68f731b810e11570f718d0ae83d70f3e61779e16bd4e8f454404b48590d4462e77cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\32d0e7ce0721af93_0

MD5 80ce844b7c3c9724f587c03dac2a96bb
SHA1 cd5a3b8bacd949c650a0686b5a793de14ad2957b
SHA256 9dc35cafecfcc3783c31ac022cb1c3a773f1ca20fc5bfb99c3489562d910500d
SHA512 1d004794bde04c040c581870b3dc08cb686c136c7b2aa1fb2b48c93a59cb8861efa780364dc5ac31928bb675167890122e8af623e6208aa127fda936c9411a0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 ce9c5514037ece9d05e7d1f39ec4dae5
SHA1 41cdcc5d6928bdb3dea59f24a93e6c9a5c281d35
SHA256 59113f210d047feaec3554d9e554a141f371ca5a8d2fc8e93b8b9ef7013f8c6a
SHA512 9aec016d6c0bfa3ce4c2ff84a576aacee1118a045e02e42e97dc1ec4eece48f940baa4d99cefb8a5f1d18ca32a4b328e1d6e7887ff4ac704cc157fbf1c7f546a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 c56f3ef6c995c4ee56637412da2d2b5e
SHA1 adb19deb59b1414b441782668b1cfed5aaf8b79b
SHA256 91fbf4db16e06f03aa69274beaa67eec5b664a4db4a7e60acfc8123edd595d1c
SHA512 a5693c4fe074d25ccb1a522f819fd734d547bfe8813ee705478c0326d9cc82046b8a3646be2848a68263f02b12eff8a82df9565ed8fb1f7ff7e6a5f3d8e0262f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ed5e5801bcd4d97bbef8ba5cb10141e9
SHA1 a10a47e0bbefabe14dad0664c9740fb7f34cb336
SHA256 bab320157ec6603f91008aa5510d79fe9ce2ff26bafedb86ff8bc8d847d05a5c
SHA512 5af14b250f87240149eeccd46731d676ea4cdbd14cf189c19b19dfc8d5d468167c3a2ee24f729c6aff0639dc6e2c67aa96e66d72318660cb663593a85a4017fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c68b93c17ab6f22c30d77b4461da91b
SHA1 6b7cdfd606c63842f8a354921bfb60fdaef138e4
SHA256 0e9be1859edd472d830b0997f93850ee33f1229c2566b134cab655b0f21e8318
SHA512 47fc06f0446e699382cbb94f9c922f82afea8abd5d285b713788c9f38d4fc1ad8dcec8469e8840aca41e8d71c3bf1fa9ec7ea5edad2dfe621566d1055152ac5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7558403077f7d36d0afa12d54a09f57d
SHA1 118e764882001196e6d38d9c909df28c0e73a022
SHA256 16a160c162de791bc43fec71b2e7003daaf0a1ee8c9801a1459bd74e25a0343d
SHA512 515bbc27b6fe4195386a14855730379b7bde01b0157c0c421d3cbec5106b1abd0d56c970dc7e685f59da14c656a5b6a3dfc3e10a56d7621cd9e53550a56c3184