Malware Analysis Report

2024-12-07 10:03

Sample ID 241113-3l31ys1gll
Target Spotify.exe
SHA256 d3f0b6a5e1797be376a82e6887f414cfb448e4fcc87d9d42c2672b387f0e1f3c
Tags vmprotect defense_evasion discovery execution impact ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file Spotify.exe was found to be: Likely malicious.

Malicious Activity Summary

vmprotect defense_evasion discovery execution impact ransomware

Deletes shadow copies

VMProtect packed file

Checks computer location settings

Enumerates physical storage devices

Browser Information Discovery

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Interacts with shadow copies

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Gathers network information

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-11-13 23:36

Signatures

VMProtect packed file

vmprotect

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 23:36

Reported

2024-11-13 23:39

Platform

win7-20241010-en

Max time kernel

14s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"

Signatures

VMProtect packed file

vmprotect

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 392 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 392 -s 852

Network

N/A

Files

memory/392-0-0x000007FEF5E03000-0x000007FEF5E04000-memory.dmp

memory/392-1-0x0000000000E40000-0x00000000013FE000-memory.dmp

memory/392-2-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

memory/392-4-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

memory/392-3-0x000000001CA70000-0x000000001CBEC000-memory.dmp

memory/392-5-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

memory/392-6-0x0000000000880000-0x0000000000890000-memory.dmp

memory/392-7-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 23:36

Reported

2024-11-13 23:40

Platform

win10v2004-20241007-en

Max time kernel

207s

Max time network

211s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"

Signatures

Deletes shadow copies

ransomware defense_evasion impact execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Spotify.exe N/A

VMProtect packed file

vmprotect

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\Spotify.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache C:\Users\Admin\AppData\Local\Temp\Spotify.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5056 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe C:\Windows\System32\cmd.exe
PID 1788 wrote to memory of 4840 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 5056 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe C:\Windows\System32\cmd.exe
PID 3964 wrote to memory of 2940 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 5056 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\Spotify.exe C:\Windows\System32\cmd.exe
PID 2104 wrote to memory of 924 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\fsutil.exe
PID 1780 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1780 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /for=C: /quiet & exit

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /for=C: /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ipconfig /flushdns & exit

C:\Windows\system32\ipconfig.exe

ipconfig /flushdns

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C FSUTIL USN DELETEJOURNAL /D C: & exit

C:\Windows\system32\fsutil.exe

FSUTIL USN DELETEJOURNAL /D C:

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb2a3d46f8,0x7ffb2a3d4708,0x7ffb2a3d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2032026464526698605,3956731947244640981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe


Network

Country Destination Domain Proto
US 8.8.8.8:53 70.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 207.202.195.34.in-addr.arpa udp
US 8.8.8.8:53 34.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 76.43.58.52.in-addr.arpa udp
US 8.8.8.8:53 240.189.18.52.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.2.108.175:443 bc-sync.com tcp
US 54.147.159.241:443 cs-server-s2s.yellowblue.io tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 185.245.204.52.in-addr.arpa udp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
IE 54.155.94.181:443 jadserve.postrelease.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
US 54.83.39.146:443 api-2-0.spot.im tcp
DE 148.251.40.147:443 sync.richaudience.com tcp
NL 35.214.130.46:443 csync.loopme.me tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 track1.avplayer.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 172.240.45.76:443 track1.avplayer.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
FR 18.244.28.8:443 hb.yellowblue.io tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
GB 216.58.213.10:443 imasdk.googleapis.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 cacerts.geotrust.com udp
SE 192.229.221.95:80 cacerts.geotrust.com tcp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.67:443 bttrack.com tcp
US 8.8.8.8:53 b36d3910ccb1f3b25b4b77bb91670520.safeframe.googlesyndication.com udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
GB 216.58.213.10:443 imasdk.googleapis.com udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 241.159.147.54.in-addr.arpa udp
US 8.8.8.8:53 181.94.155.54.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 46.130.214.35.in-addr.arpa udp
US 8.8.8.8:53 147.40.251.148.in-addr.arpa udp
US 8.8.8.8:53 207.156.82.98.in-addr.arpa udp
US 8.8.8.8:53 146.39.83.54.in-addr.arpa udp
US 8.8.8.8:53 31.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 76.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 8.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.187.230:443 s0.2mdn.net tcp
GB 142.250.178.2:443 pubads.g.doubleclick.net tcp
GB 142.250.178.2:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
US 209.85.144.120:443 csi.gstatic.com tcp
US 209.85.144.120:443 csi.gstatic.com tcp
US 34.96.71.22:443 s.company-target.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 dsp-cookie.adfarm1.adition.com udp
US 8.8.8.8:53 eu-u.openx.net udp
GB 142.250.178.2:443 pubads.g.doubleclick.net udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 8.8.8.8:53 equativ-match.dotomi.com udp
NL 64.158.223.140:443 equativ-match.dotomi.com tcp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 209.85.144.120:443 csi.gstatic.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 120.144.85.209.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 140.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
DE 79.127.216.47:443 id.rtb.mx tcp
DE 79.127.216.47:443 id.rtb.mx tcp
DE 79.127.216.47:443 id.rtb.mx tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 37.223.94.52.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 ib.3lift.com udp
FR 18.244.28.84:443 ib.3lift.com tcp
US 8.8.8.8:53 84.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 img.3lift.com udp
GB 95.101.143.201:443 www.bing.com tcp
FR 52.222.149.104:443 img.3lift.com tcp
US 8.8.8.8:53 822a2c7459a3bcdb501861ec9e1ccd80.safeframe.googlesyndication.com udp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 104.149.222.52.in-addr.arpa udp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
US 8.8.8.8:53 0c14be16f14188ce037010ecd5c242c8.safeframe.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 13.107.246.64:443 adsdk.microsoft.com tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
GB 2.20.12.75:443 cdn.adnxs-simple.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 650827bef22a7d575156e41709681624.safeframe.googlesyndication.com udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 75.12.20.2.in-addr.arpa udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 eb299b9a948f0f7598359caba18058ab.safeframe.googlesyndication.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 18.156.199.224:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 224.199.156.18.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 e0ed989efa1df22e92255d96c406f788.safeframe.googlesyndication.com udp

Files

