Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk9UT25TQzQ3ZFFNeE9DR2wxN3NtUkVIbG41d3xBQ3Jtc0trNk04WnFqcDRIMFhzS3NRNmxDN2dzQXh6c2RudldxcUh5Qm9Pd3Z2alhTSnRZclBuSUlIdUtuS1BsRHVQeHNQX2dNLWRPSUI5TmZldklaWHhyZjl6T3VxUTBzVkZ2aDRURWZDSm5yVjRMaHE3ZGRuaw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F3is42kz6mwjhj%2FFiles&v=qq0j1po9-D4 was found to be: Known bad.
Malicious Activity Summary
Vidar family
Detect Vidar Stealer
Vidar
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Uses browser remote debugging
A potential corporate email address has been identified in the URL: [email protected]
Loads dropped DLL
Themida packer
Checks BIOS information in registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 19:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 19:56
Reported
2024-11-05 20:01
Platform
win10v2004-20241007-en
Max time kernel
263s
Max time network
265s
Command Line
Signatures
Detect Vidar Stealer
Vidar
Vidar family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Downloads MZ/PE file
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
A potential corporate email address has been identified in the URL: [email protected]
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Themida packer
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753104681453592" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbk9UT25TQzQ3ZFFNeE9DR2wxN3NtUkVIbG41d3xBQ3Jtc0trNk04WnFqcDRIMFhzS3NRNmxDN2dzQXh6c2RudldxcUh5Qm9Pd3Z2alhTSnRZclBuSUlIdUtuS1BsRHVQeHNQX2dNLWRPSUI5TmZldklaWHhyZjl6T3VxUTBzVkZ2aDRURWZDSm5yVjRMaHE3ZGRuaw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F3is42kz6mwjhj%2FFiles&v=qq0j1po9-D4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5a6646f8,0x7ffc5a664708,0x7ffc5a664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5684 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7504 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,7840530839907437820,9124961366186817592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7640 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe
"C:\Users\Admin\Documents\S0FTWARE_(password_1234)\S0FTWARE.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc48edcc40,0x7ffc48edcc4c,0x7ffc48edcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3448,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4364,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5348,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4988,i,16025789273368738300,10916307629225994389,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc5a6646f8,0x7ffc5a664708,0x7ffc5a664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2264,13479294948852490655,2723850512032513693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc5a6646f8,0x7ffc5a664708,0x7ffc5a664718
Network
Files
| SHA256 | ef3cf2630aa1ac6a95a17dadccb7838d6d6c5996728d50f1421839632099cd41 |
| SHA512 | 116b2f0d5d3da4d9a380485b9d2e442a3fbb972ae159ac32a6c4c093cf869e024af3cad43ee61ad3d9d132b20c91dd145e4269eced930525acd4520681067eed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d0589654e2fca28f4e91e595ec99fd99 |
| SHA1 | 0abd0dbeb235e527d08045449efd0e5fcfeb5a59 |
| SHA256 | d042cf5919e9fe0f8592f25c17dfaa2a321386a6cf49754c1aaa8555bd4d43b1 |
| SHA512 | 9b89ca700512e603736f1ef90e3faf81005fb2993530d5a76e2c9ac02e921c952b285e546887c72ec3106f341c331a75a53637fc9db5a2251c060aec62437e68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 709d5056e426c5bbc90d854394c6f188 |
| SHA1 | f216faa2c40eb0a806ad89c4a6dae786fae4b712 |
| SHA256 | c43f037bfd056a13c50aab9578eb77b1ffc27b62aa77f73ffe46e84fd59b7cbf |
| SHA512 | ce931707f4b6f0968f398a1235218fc69f5632bd4c7b5140ae2aaebeb64b3f335d46f552321a624899dcdd13eed81897e13d0c9926ef3abd7b06925c94a84a84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 85ed6ca67ec6890a93d9ac0e776ece9c |
| SHA1 | 6f5c144e9a5eb83e2fed13d92772e217768c4b32 |
| SHA256 | 69f468b6a1d3f80a26517c4c7915fc9c080c49f81432c6a43e2d833e991fc1fb |
| SHA512 | 6d30d090f83c27a5a6104fcb7784d09bf59e6759becf8589b926007e2d6c660f688007837bdb983e001a80f22fbc76428a4005bd9d169e614f84d99d5d49e62c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c2995235fe5bb98bfd0ea638f30a6797 |
| SHA1 | 3b6611b51f53d9d218e517e880b71f8377daab5f |
| SHA256 | a1769f5037d20420db333dd63a1158bacffa13a14060df171e213ac9600dd64a |
| SHA512 | 964c044eb36db5b6b59739b1374c58afe7f0872b70cb447993c37a44368cdf37a45852a9c4b3d8208a129b2ebe6fc81541913c1cbf9b44dbb4cf2f2a814f9a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9c3da88c18ec5800ab5013d0b9ba3cda |
| SHA1 | b6e399b354150f583ad1a72054feb0498f351f0d |
| SHA256 | edfd4e8af3957492fc42f1857d50f937ee42c36bf3413b62db7f99176d6fc323 |
| SHA512 | f20a9e71f821e130bc738ca1c3cc946efa6150534ca18602f0e85ed3b0df8b7d0e5b15e95eea61daea6c3e0bf5619f0e6a92b1123b7131c9068a1dcdd3d2a926 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e740da1af6e23d5c8c3ba8d140843548 |
| SHA1 | b179065e1ff60d5e4f27d0cb8b82cbdff6e43cdf |
| SHA256 | a382bece206855e47471a08c3ab4acc902aa4a453112e53debb6d62fc052a3d2 |
| SHA512 | 17aa1873bdfb9db1fc3912b100fb9a14a785f4b565ee9a90ac045085f03f0ddb10262970a312282e40faa1b931ec1d02d64112e149730f356c6fcf8e51bd7e96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aa74.TMP
| MD5 | 55a7802fb732efc80b72939a49645e15 |
| SHA1 | 1c4a4519a8bd1ebee4e9ed9de7839e6dd4a021a1 |
| SHA256 | ddf34c0c7f8f2c40c734bc0a1b44a217b1d349af30cf22c2370877c532230a18 |
| SHA512 | a29da390454071115daea633dbd9797c36a871846ee75065f7aa3319c3f214887071f91788c931978eb2bbb86d2aa9fcec60e94ec3da1b2ef5970d702973db3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 56f8ee295e63ca4fd1432a20f55f5f17 |
| SHA1 | d01b0537a348c570bed55a5baff26a6f6e5eb877 |
| SHA256 | a1917788cf47ef8c92f62f8383e1c010ed48a15a88500a18a9576e67f5e5beff |
| SHA512 | e04789c52d262a61fd125f6a009fc139480a6e2aa3c5015d7b24b024f4144716ccbd7272432631695dfcd7859c2eb5954d3f7ee6873dcd0f586bb76cbceeeeff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0dc06d17b14711b86f0a4f8edf924831 |
| SHA1 | 6aa96e64d9ba5811dd4da8bf63268a9e9e6056a2 |
| SHA256 | 03e27f8429b8b7b7381f8becd8116bf5d7e7b29994e3493ab19f409105813135 |
| SHA512 | b6bb1984a8e9eedc04ad93ecbf4ba70a7b36290d68ff4324025dd602758c511a4ed5d0423d623c131024c376965c519dd25933bcb95620edf14dd4d6e01df912 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6302b60eb83e70dab0e14c9a780a345b |
| SHA1 | b7afecdb07ec743d055bb4cb641019d51a9dbb2a |
| SHA256 | 71b693a802eea751255e842b628a8b18687bea0137ce81b8601644abbe3c6278 |
| SHA512 | fc3cd065a388fba440b6a34e4cd63897bbdb852c2a85bb46f87fb5e59f2d71775e2c88cb313ddf638f7fd5fd49ffad938a2cc7964137dad1e783506baf64ce0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a312e4b591908f3e21e5e325b7d0a6e |
| SHA1 | 591cf3b6265af59b0a6051c461ed41e677ad24a5 |
| SHA256 | 277b537481f70789a8ebe4b0e9542bbcaf094fb40fe9189d4b4f404640660d10 |
| SHA512 | 6f7345c932e95e4e147b1bb895aab9dcafb70ce3a9a9a3bcb22377f6ad9eee4859c548a46251954e43d6874deddfbb7fe0729b8a6165b156709faba77a03e9ab |
memory/2236-634-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-636-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-637-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-640-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-639-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-638-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-635-0x0000000000280000-0x0000000000F79000-memory.dmp
memory/2236-658-0x0000000021A50000-0x0000000021CAF000-memory.dmp
C:\ProgramData\chrome.dll
| MD5 | eda18948a989176f4eebb175ce806255 |
| SHA1 | ff22a3d5f5fb705137f233c36622c79eab995897 |
| SHA256 | 81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4 |
| SHA512 | 160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85 |
memory/2236-677-0x0000000000280000-0x0000000000F79000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\30220815-5a5b-48a1-ba42-1832ea925ffa.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir5992_1514383280\ad3a4ad7-cf70-488d-82cb-378ec7a7e12f.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir5992_1514383280\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 736221d16dfa1aed494be7e4badacd32 |
| SHA1 | 94fe0c7558f74f25d253ebb6230d16d921a77111 |
| SHA256 | 84483264b5ae742e47ee78bf418a1e372804dd60fef56f92c3542ec98efb110b |
| SHA512 | c43051be0339f90a58c90ea0cebe33c51f89a4847e2749007193d6be32de40ad80e53e29477a6ca29b48544b01102dcc386013a41ccddba9b0041dc4598bbddb |
memory/2236-1101-0x0000000000280000-0x0000000000F79000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | acf9c54d17ba490936ce63b6179eb769 |
| SHA1 | 1c304383bc91c12a382bb19ecfcc7213b06d227e |
| SHA256 | db77b2536d6e277fcfc1eaf3d5ed15a4a23e6e4c917a4168010a68c8cbc560b5 |
| SHA512 | 596bb45ce23f7f66bb3cab31f643345fb64fb488e8032d3690ef550b1e107abc6a1177712153344b964cfa0a464de038a5b88a6e3a582f5bbffb875e06a6bcc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 89dae4224bc9c82aeebc527c8ad534f3 |
| SHA1 | 7cbf9004cb6a979bb2757e13cbeef315c2bb6f59 |
| SHA256 | 91ee55be2b4dc3432c707a8ade487ec5db276626e788d3fd01a2e14b19ee4f8d |
| SHA512 | 4db5b5afc6110dfea6e97eea6fc5dcae618d44d1bc9bbebf2c0e5adfc37fbc8e21ab8f4ae2010f6c9b90bfd70a5980b5d4487013aa7ad952ad737c7e8b7a82bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 3dac22c955440eb4df87cf356b4152b7 |
| SHA1 | cd17e749653296be83affd995618b1da20c93de2 |
| SHA256 | a91c7ed96239449917bdba988a46a3b6557bfb3af5e0afd83a248caca12dedd1 |
| SHA512 | 999b9efe707eda770a66ed4290566b3708b6dafa217e5568491223b4835f3cbd0bf2086c704e9c987e56dfcf0d7f7eeb142c34356433bca7cd320cfa4b2c25af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 35c4be01c35042648dee46133fdd6683 |
| SHA1 | 85609ef6a791320ce924bf3453440449d4fc6682 |
| SHA256 | 9e1c0cc3317261e16df700a51d0016ed68dfd344856a43f0781a9831f80ee459 |
| SHA512 | c67eb37fabbe4ed1ae791bc12903a6ae31065549aa81fc50cfcc981843e51b7c628e2fdcdffd057377c94cd632762a65706320082d755a5dd4a740e15bfbc74a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 02f2a5a52dba33dc2a147c26479d7ad1 |
| SHA1 | 5e0967b8ab776c9c826aa5c9b6fc21607cabfc7e |
| SHA256 | 0358213f9481b52851ca9790de962283eda98c4db00f32e142552dc1aead74e6 |
| SHA512 | 7ce15d2c522f50a6319841188dbf103268a8cf1927a446d993ed4f8881b8e2bce5856ad27af670c1cf9f9f6b2700946e79179c1bc70ecb703e3cb660e01725bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | b7e6ed57af2eedbccf9e03cce786eea5 |
| SHA1 | 6413427d4d2ed61402b4489ebb533399fdffdeb3 |
| SHA256 | 7d1a18b867e8e0de334708bc93cd4b2e78635bc58e4e2501300d88f4852cb957 |
| SHA512 | acf81e2ce8cf0934bc24c166baaeca59992fced164397b778f5f2e12a4530a41fb4c1b7df75ece6c722b1d6b3091586a1e816c0d1b91f41ed4a20b1c8bdcc25c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e7feee9f349fe639e77ec6334d089fbb |
| SHA1 | 2b546425a30c49f63a123dac0b74c58ebb707629 |
| SHA256 | 8ef95abc9b6856e1e6177364ff00f607b64b13470ef00fd541c9be72b5cfa57d |
| SHA512 | cdba12e6ccc8abe32fbc2bfc15c6c8939c3bdbf12f17920fde0ac65a919fd122074857b682c51ca52dceed49bceb6ce7f558bf544697e80af23c0c84a45951c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375310228084226
| MD5 | 94e8367d32c5ba9396f942e3cfe89590 |
| SHA1 | b6827f9b19bdd174e49dfc389f31307fadab9b84 |
| SHA256 | b78ca344f2cb22e759e97d2da95a297bc008a052ee084e082db0688022b18467 |
| SHA512 | c6c674a8b776153d2ba2e175c63331b8664716071b8686b564b6aec27296a1c2187f116527b9b31e348d4252b3284bf96ec72f632684090e6967e58b55930bd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375310228256226
| MD5 | 16e08e14b7dcd53f258b93b4dca953bd |
| SHA1 | 61ecb2a3fd3d234c89ee7f43db0ffcaa5d779aa6 |
| SHA256 | 269462cc0122b092f12d48c1486d89c282a295c84491ac3b78c6d4d16830824a |
| SHA512 | e2f3153ea7c4b21400838f1da04aeb8f466bf9e7f0e6e2e2805009ef63176da3d59ec153a67296d9d4ceca6aa908a8fa61f4f6a23231e8cdd1af02e0030c3f77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 36a70bff40de7921abab1c2240a299b1 |
| SHA1 | 77476e343cf28e92723e0a0319828ee9a5f28269 |
| SHA256 | 9a8843109e61d353b2750bdf4c2b6d14876679fa5ff4ffab6df0f98893ba64de |
| SHA512 | 3636856eadb7c91f49f4cc32c9b9757c5b855f1405f10754913968370e45598de8dd2834d61406e0943a786ad8e20cc31284f2040a9aa481e95833adb395b2ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 83705ce1df39d16bb7eca24bb6a8d24a |
| SHA1 | fcaa976fbe79f9788be50734004457b0d63f9645 |
| SHA256 | 377d56d8ddf275e8e6c5b48350a2c9311a32323da4e87c078c43d9c92e4a4aff |
| SHA512 | b93784bcced6b5dc005b618e1cdd737f5d9bfb542dc9dca584923d24eee9d614d8dd066ee28f380463dd431dd3230f9407fb213ea3f97fb7bc8ee26c59f7278f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 1471550214030f6673328ab58832b124 |
| SHA1 | 51827c1db46b773f88e6fdbf80572bd48f9c35b3 |
| SHA256 | a3e496e4456250f8253a7687b620489163d1bd8dd9619a7b0969b26547cd0e9e |
| SHA512 | 6aadc98aec371e8242a35c6e149e9fefa01fed81703ab58f220dfc584ef362305ccba6277087c1a0e8d7a867a6bd8d48b8706577c734010dac4abb7e753b2a85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | ba2f3dfb37652951ebfa52bdadb5e900 |
| SHA1 | e9af6c5a83601ffbaf3f8705f4a88ae61e70abc8 |
| SHA256 | 1962a6cbcfd845ea390075c7600ad02b40d583cd5795d1b4bd7fa3160e6beaca |
| SHA512 | e5cfbe5cf69f6e4946d1487a26903764b2fdc4309bd8968498ad18c3b987310fb8e864910903163a5dfdcbe228b27b1da3b791eace47077d4d826233724ff488 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | c40c14a6e0bdbc1f0d8f5ef78c8f169f |
| SHA1 | 4101d9fbbfb93b8c6a87b1e88d90af88375f384a |
| SHA256 | a6f01eaaea4d2683b868880812bb053e5db674b83361cf1471b740d5075e138c |
| SHA512 | 96bee7a9c9c96dce38549428fa485cedf38c19b4f4fd88f86683d84cd16e985ddf087bebdf36f9dd0265e44b2cf1ee4ecb4ee83d3235546af3d8866b4c9b7a37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a545e50b6e4b5b0806185186a2bb9d7 |
| SHA1 | e5cf1d2a86493b0796c38b9390f8801a279f1c70 |
| SHA256 | ec9e8fc185039635d763467e502a43b04ff5948a8a5a56f5e7c40cef55ad0499 |
| SHA512 | ca3d4efbc178a2564109edf582d6e6970c6d91cf6d980df22f5df8ee128735a6858ec9666cdc0105ace6d3f9f87643d7571b14f2f91f7e0ebace466ba0d29945 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\99b4da5d-ea3b-4a9b-9899-dcd30fe8002f.dmp
| MD5 | 6382def3a23643d04d14bc5fbf261224 |
| SHA1 | a5d065e1e8b7c3a267bdc87faf922bb1f7534347 |
| SHA256 | 97f8d131afc3e31bdf3589977652a1d29a7337b87f403e6cdd29727111cb302f |
| SHA512 | 29f82601d2eee0a2fbb33e965071ea72b8ac9c54252924e52135000b8ab83c0e45783ff090a9b8f6be3ee0222c8b2e845ba9f65fa3d974257ce42a4d217edfb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1a4e3b58c155cf69b0c2863fc1ede582 |
| SHA1 | 6cc495886933a550ddd42c02a6de5e5eb240c05c |
| SHA256 | db6142dfd2dc870e654295a8f92952e84e67661a9424149b9416c93ad34ecd63 |
| SHA512 | 34d3ea16c6cdf464fe9cd09808d846595da13bf96b4d8a40320517edcfeee21a2c93eb2ca3839cc1137ae5118562145f58c706ff375c4367002f7e6f47010f89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1edfc049-8bbb-40f0-96f4-bdd6756d6b7a.dmp
| MD5 | 25bad79b43fde8af254e5570f841430b |
| SHA1 | 584727fc96f3c142b497db7a63b6cc8250ffc924 |
| SHA256 | 225d1336db3581ba1d7d81324e22d290b5f6688e9dc08fbe78398a7ac2a2cf8b |
| SHA512 | fba90d4249c6a13259b16391f1b6ea8d6fcb493b839d421baca912ef8a2c0f3226a8d2e38c15671f8962e92225fffa1d56a655ffc4f9b045456fb064949de0d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a4d1b0f1-29e1-45a1-a52a-8fb592f97a6d.dmp
| MD5 | dc5804abc31fd911aaa244f2907869a8 |
| SHA1 | b947479802c054715fb85e11c978c3ff8178915e |
| SHA256 | a5a7c177965fb7335472a8ad92afa061c0409f8b565809d7611bfe9cb53a5436 |
| SHA512 | 7d931a0e4542f2b7df4805d5e2ed04bbae6897cfd8450469397ab5709208c2714b3fb3364635f073e86c32451819cdd24a497daf333dae4ef5ec0e278aa3257b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c4037143-c1e4-445a-b306-9df3f5bfa1c6.dmp
| MD5 | 9aa040a66343eeb3f8e0407f2ecf601e |
| SHA1 | 349ae5e7c186c19279593af20cb433ad868e4c0a |
| SHA256 | 4ff2acdd7223e0093ef3d851385e8160992fc004ffb262d67851526b7ec3614f |
| SHA512 | 2ccca209d06d5da9f547ed6004080483a74a603b5b1777468d41c24df0ea8dd5d6fd9b7598899d9f964ffcbb937c7e664141606aa4cec23908322df7f93198c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 93fd3cd64dc69736ff3e6fb37de89a27 |
| SHA1 | d47e4916814e7cb02706439294009e3fb87d57a9 |
| SHA256 | e608a97354b6df427cfeb75edd3dfb61fbb6ecaf1a3c924670ff38583eeea22c |
| SHA512 | ec6775fe972adf63f6ee5701abb2b44ffdc24a6f2693f304dafd13fdd77868d92bbe282ab0222931648366a4b2adbf6702c33969af4aecfce00a92e825dfbbe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ea239e4d-4b09-48f8-a36e-6532f08788c3.dmp
| MD5 | daf9dabc4fac7ff37c2f33ba075970e1 |
| SHA1 | 54c6c0b5735133a71a89a4a7b3de0575af677a0a |
| SHA256 | 09b72705e6e618cb7a252ac4bd6573fd54d89178da85db209372664a580ddbdc |
| SHA512 | dc00a4b274da69435617f02835a847c7ac25689a0d71036545382eec8d341dfe0aeffe37e3669dfc427b826a417e3e32a94e30628f2a89f179dbee92bbe83945 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\31ddfe98-8853-4b26-a225-13984f1bbc7f.dmp
| MD5 | aead682d9b22cb76463f3c68fcbaba90 |
| SHA1 | 8cc387a43a762a849de9d108c9ea8e7944dee5b1 |
| SHA256 | a03360f87083da9e16184808e665823ace3d1339d93527432ec97845bf8f615e |
| SHA512 | f7c8f7fea17c42c514014a574f855ac9a3c44bae428e4f614241ee1291c325811f19752ca71bcca3fdba071e5a4a49ddf4596264a5fe061e941c861f0717d37b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8eb4796437450894406cc7f41768dad0 |
| SHA1 | a7a31fcc68a422f3b2bc93f1b5c2fda920b4a80d |
| SHA256 | 8d38ef72681d91840d7ad0546dc16dfe63be855bdb82084c15aad86fbfa119cf |
| SHA512 | 1143a487331b76fa7a344597478f0568fc0cea704f09e572b02c49dd4c299c01a030b16f18d6def9ef92d7f584ed2d21e9acb5d785cf10c1e6bc2390fd425d6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 417747ab69aa84575636fd22f10d6c5f |
| SHA1 | 383cf8dc901d555cab66b5af8c023dd145464e2e |
| SHA256 | 83ca2c69ceaa8516cb7a246129dbf22c67c4961e9f6fcb7f694616ee432cd5e2 |
| SHA512 | d47f289a13682a0e12ec310f885e60106b7e2aa8c4dd192d975524a58f0cbb831ffc8e0078dbbb2e6fe8e4c3b83bfc873e509d953cee9830b0f7edfd36c5f915 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ee186996-a986-4606-a220-e58c118743f6.dmp
| MD5 | 32a825c39c97a3cf60c4a266ead07172 |
| SHA1 | 2a2629c6b2fbb050a98c96b835941d471751f00d |
| SHA256 | d6102f750cdac5d1a514d0566a265846e66c94045b6803703ec077ca6652df66 |
| SHA512 | 29a9d35561834defc1b063ef7ca4720cfcadf016404e44340acc920fa80635fe50a9255f4d8b269494d01e4b15360c55d69a1daa5092047c11836bb390c6e904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4f101412-a9cc-4b7d-b7a5-be97aee0903c.dmp
| MD5 | e342830a034b66f51159a2ecba8556f9 |
| SHA1 | 12de9c178cc2c63bbb0e5676e4f6d66bc95879d2 |
| SHA256 | 3840211b7d1d7f7b2f4fead5c347cfb96f6b26e18fd7e93808fce4da2f235692 |
| SHA512 | a197ad1d2aad407fab6b0252a653d2d9a45328569672283cc1c3d751c88a734fc021bd56db7bd4c23878a664d417aa358c140c0f954bc780855c0410a8c84aba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 112717ced5426247c2f3814d453e7eda |
| SHA1 | 6f03bc95a826d0f8e84832ebe590343a2f515754 |
| SHA256 | 00ba09e318ded805e6e6fa428e84ca5efe330cf3df1f2077d368ab986fc0c07b |
| SHA512 | 1e59444fdf63de8acb1b6ece747c552cb03dbec8db10c86d76585f1190eaf392d0f9c6a9e1e6ab842c8bffd2779e400825956c3ad2435beee44f69cb413d8f4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\35458af0-3ffe-487e-b39d-d5eba4872da8.dmp
| MD5 | cb24a338dd53a067ea3ac8762344a1e7 |
| SHA1 | 76c6b3dd8627c5fe3b32ef6e1a00738af8a9cc33 |
| SHA256 | 8943ecf074d3bdc8bea7453eee11c2f91416414763aa25e62384f8de26fcd93f |
| SHA512 | 6eb5f967652814de097f140bf34bd8c60f107dcb165fa1ef8c6c58bb729a1abde7d10e806f3d208bed8262a2f7400df1b7a5b153ee6b08bc3239068a345a6427 |
memory/2236-1517-0x0000000000280000-0x0000000000F79000-memory.dmp