Analysis Overview
Threat Level: Known bad
The file https://file.io/fgXDCar918Wx was found to be: Known bad.
Malicious Activity Summary
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-21 18:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-21 18:15
Reported
2024-02-21 18:48
Platform
win10v2004-20240221-en
Max time kernel
1793s
Max time network
1800s
Command Line
Signatures
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f30646f8,0x7ff9f3064708,0x7ff9f3064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x33c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9144 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build.bat" "
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\keygen.exe
keygen -path C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build -pubkey pub.key -privkey priv.key
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8676 /prefetch:2
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type dec -privkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3Decryptor.exe
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3.exe
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_pass.exe
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32.dll
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_ReflectiveDll_DllMain.dll
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\LockBit3000.7z"
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe
"C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| CZ | 65.9.95.72:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 72.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 172.67.36.131:443 | hb.vntsm.io | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 131.36.67.172.in-addr.arpa | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| CZ | 65.9.95.67:443 | cdn.exelator.com | tcp |
| DE | 18.195.142.17:443 | cmp.quantcast.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| CZ | 65.9.95.38:443 | cmp.inmobi.com | tcp |
| CZ | 65.9.95.3:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 75.98.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.142.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 89.207.16.210:443 | proc.ad.cpe.dotomi.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 52.28.79.158:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | 38.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.9.65.in-addr.arpa | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.152.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.79.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| CZ | 65.9.92.124:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| IE | 52.214.248.106:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.92.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.111.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.248.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 172.64.144.78:443 | elb.the-ozone-project.com | tcp |
| DE | 52.28.96.32:443 | tlx.3lift.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs-simple.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| GB | 2.18.109.247:443 | tg1.aniview.com | tcp |
| US | 8.8.8.8:53 | feed.avplayer.com | udp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| US | 8.8.8.8:53 | player.avplayer.com | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.118.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.96.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.166.69.in-addr.arpa | udp |
| US | 96.46.186.186:443 | track4.aniview.com | tcp |
| GB | 104.77.160.15:443 | player.avplayer.com | tcp |
| GB | 92.123.26.162:443 | feed.avplayer.com | tcp |
| GB | 104.77.160.15:443 | player.avplayer.com | tcp |
| US | 8.8.8.8:53 | 247.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.26.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| GB | 104.77.160.15:443 | content1.avplayer.com | tcp |
| GB | 104.77.160.15:443 | content1.avplayer.com | tcp |
| GB | 2.18.109.247:443 | play.aniview.com | tcp |
| US | 8.8.8.8:53 | go1.aniview.com | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 54.152.154.216:443 | sync.srv.stackadapt.com | tcp |
| NL | 98.98.134.243:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | 6.146.0.173.in-addr.arpa | udp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.154.152.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 96.46.186.15:443 | track1.avplayer.com | tcp |
| US | 8.8.8.8:53 | 15.186.46.96.in-addr.arpa | udp |
| DE | 37.252.172.123:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | 5.179.17.96.in-addr.arpa | udp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.194.115.222:443 | api.cmp.inmobi.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 06d4280af294bfef10b151f3bb96c535.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| GB | 216.58.204.65:443 | 06d4280af294bfef10b151f3bb96c535.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 222.115.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| IE | 34.252.143.149:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.143.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| FR | 185.93.2.244:443 | cdn1.vntsm.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| FR | 217.182.178.229:443 | ssbsync.smartadserver.com | tcp |
| IE | 52.214.40.59:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| NL | 154.57.158.26:443 | ads.stickyadstv.com | tcp |
| NL | 154.57.158.26:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 44.205.40.56:443 | ssp.disqus.com | tcp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 98.98.134.243:443 | pixel-sync.sitescout.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 229.178.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.40.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.40.205.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| DE | 3.123.117.110:443 | match.sharethrough.com | tcp |
| NL | 81.17.55.117:443 | rtb-csync.smartadserver.com | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| NL | 81.17.55.117:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 35.171.241.123:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.117.123.3.in-addr.arpa | udp |
| DE | 57.129.18.105:443 | wt.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.5.17.2.in-addr.arpa | udp |
| DE | 18.195.192.19:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| GB | 104.77.160.15:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| GB | 104.77.160.15:443 | player.aniview.com | tcp |
| GB | 104.77.160.15:443 | player.aniview.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 105.18.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.241.171.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.192.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 172.67.23.234:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | s2s.aniview.com | udp |
| US | 96.46.186.176:443 | s2s.aniview.com | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 185.86.138.121:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.186.46.96.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 96.46.186.176:443 | s2s.aniview.com | tcp |
| US | 8.8.8.8:53 | 121.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| DE | 18.195.142.17:443 | cmp.quantcast.com | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| IE | 54.72.93.19:443 | p.cpx.to | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.206:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | 19.93.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| CZ | 65.9.95.80:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| DE | 18.195.128.63:443 | btlr.sharethrough.com | tcp |
| FR | 185.86.138.121:443 | prg.smartadserver.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| IE | 63.34.229.163:443 | s.cpx.to | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.228.202:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 80.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.128.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.229.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b5876c89d25825bd7233b8c6ab944cd0.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| IE | 52.19.228.126:443 | dpm.demdex.net | tcp |
| NL | 81.17.55.172:443 | sync.smartadserver.com | tcp |
| IE | 54.194.25.32:443 | ad.360yield.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 44.240.99.74:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 44.240.99.74:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 202.228.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.228.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.25.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.99.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ib.3lift.com | udp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| CZ | 65.9.95.23:443 | ib.3lift.com | tcp |
| US | 172.67.23.234:443 | pixels.ad.gt | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | 23.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| GB | 2.18.108.180:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | img.3lift.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| GB | 92.123.128.144:443 | www.bing.com | tcp |
| GB | 92.123.128.144:443 | www.bing.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| CZ | 65.9.95.85:443 | img.3lift.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| NL | 131.153.158.209:443 | id.a-mx.com | tcp |
| NL | 131.153.158.209:443 | id.a-mx.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| NL | 131.153.158.209:443 | c3.a-mo.net | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| NL | 131.153.158.209:443 | id.rtb.mx | tcp |
| NL | 98.98.134.243:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | 133.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.158.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.28.72.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go1.aniview.com | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 178.32.197.52:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | load77.exelator.com | udp |
| GB | 89.187.167.9:443 | load77.exelator.com | tcp |
| US | 8.8.8.8:53 | 52.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.167.187.89.in-addr.arpa | udp |
| FR | 185.86.138.121:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 185.86.138.121:443 | prg.smartadserver.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 96.46.186.15:443 | track1.avplayer.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6fbbaffc5a50295d007ab405b0885ab5 |
| SHA1 | 518e87df81db1dded184c3e4e3f129cca15baba1 |
| SHA256 | b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6 |
| SHA512 | 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b |
\??\pipe\LOCAL\crashpad_3820_WWFQUHJXNMTGKUZF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 360dd5debf8bf7b89c4d88d29e38446c |
| SHA1 | 65afff8c78aeb12c577a523cb77cd58d401b0f82 |
| SHA256 | 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef |
| SHA512 | 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 46f7c7656dbc22da5ea9d38064b2ea6e |
| SHA1 | 95c8bb646f2b1b981d83d148811418dd10d1e631 |
| SHA256 | 6d1c29d0d3c72db8cad01ef2faa369adc307c6ad948003909ba3cfd9eeff13bb |
| SHA512 | 86c16c8865bb25556d8c9c049eaa9764b09737317e9a750a649e61eda78a6b9321e9849bb8ef30af506847ee15c88bde5c8f6a60d6fc100dbfbbe147e38a30aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\43db46cd-46b6-4b3a-b3b2-e2fd2ea7a40a.tmp
| MD5 | d68c46f09c4d88f7d309c93cb71af6c3 |
| SHA1 | 55d89421402d536e9eb3472919ea07c8e7594636 |
| SHA256 | f7d0b62fe5c25bd7db6c1d0e54ee423ba3b89a8ba717b81a4e6d98a499f292d6 |
| SHA512 | 7e9224895047a09181dc6610d5639ff62fe293997538013e5826ff2ee2ce0abb9a2e37a7d37a83fdef8153c2b2713a291fd4f99dcd8a38ebc1c623ac4a9bcc66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e0916eaf75d86a7e9d041c62c2d0f6b |
| SHA1 | b7e3baba107718cec40f59c155fcd6ffe4491964 |
| SHA256 | d4c131315a1bb4f73252616e75f2054e4db4daa787babfb6f10d834bfef9eb6d |
| SHA512 | 3fc36ba060cead7f0225235f0f21d203720c3ec4a95008f6d719473084868a1f4c430b87c745146864b6cd747448b9b5c7942bab9072191053ca6d174962cfcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 81af74de3745678026a078995862efc3 |
| SHA1 | 825aae9fad6a013181775dff4ae4741a0076dac5 |
| SHA256 | 7679d913122be23fac272ed3102034e1d9360c4278d7a26b99160776077b0861 |
| SHA512 | a9e5ed555621bf6ae9555a1cfe8ecbdb7881f4aad1ec2a9f6b0fc38a4078697d76380f2b4e51a677a83788ed8652fe30d872efcb30da431d56d921a91da48c03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 182de97533495c02bdd936a57a8fd7d2 |
| SHA1 | faca3d4ce74b64da8648fbe0d58edf608de7dad0 |
| SHA256 | 9c4515e1e8ee9f4d7a731db0ab7fa5f608eeb434ceaf5bfdf3c96ddfd18f7774 |
| SHA512 | c0e91f1c4232419ce40f45e2cd6261eb01684b5dc5797feb739ae15d5155430b2ab73a8558ab2c76b199582fa8aad215aea726c2a6fd935049c3f58f2d6dcda6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a3bd6b783747f845e30bc949daf4b94 |
| SHA1 | 80fc9622eee9eaf54c034e92e9724ec3f4af54e2 |
| SHA256 | 455e4820b3b73fc58c965f38cdae1074e58238d1d1d13e1e5ff2e5602e8af45a |
| SHA512 | a8b360d95d602a240ebf15ba177f3bd33df839d7cfa98ec2a278df1a256dfea6140bce09fe5b6bf93302d29acd0ce6c8c38c50157a2aeb2228bbe8c7f7bb1d10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ea7f9e01a0e99d09a44b643000da5283 |
| SHA1 | ac31d004fc3f8de2c4324f7f1d632ba4069cfeaf |
| SHA256 | 067f9ebfd9537aa577a1fbaad72263953fe2121d50fda47497dbc411f9a07db0 |
| SHA512 | 99210fee25ba1edbcf7b22e737f02df7d3d61aaf82824117a687b9714cd8cc87b389431d11de4a80956a73f9218b3f5197acadf6a102acb51101e9b1ac532c3b |
C:\Users\Admin\Downloads\lockbit.zip
| MD5 | e2119231341e7c4a9edce29d45880bcb |
| SHA1 | 5d17048983e7a756e826eb6ea4b716500e7e8bd1 |
| SHA256 | e90d3474c206d86ddc12b5d31886e726bceaed55f6a39b4a079089880a8105b1 |
| SHA512 | d2b818a7b7721f445c43795c6a4d1c363b6aa3f54b04a79853a35bd5181c63253e989627d6bc4c3369b3b416bdc48954b102dc4bb4025726d05354e7bf61e9a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 717ea9c367e03bfaf992d07cf4c667e7 |
| SHA1 | 24eee16f69a9af796a2690dbe3c3933a2c7b43dc |
| SHA256 | 1d15ba6b30f8c26ce15724984ecfb95c89d0d1c8141b37957965b8be27f7f373 |
| SHA512 | 12637cffdaa42b6982e3f61b365398c0f6b31610579b771bf4cbdb5e8ef73858c60cb1f80f32aad30764d9dc4e5624fc36bc726f3046f85bef595dc82c8f7d85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d172ac56d1b29e5e1f416d64a6b4a3ae |
| SHA1 | 820e97c7635dae69f86f7aa0666830549ad7d95d |
| SHA256 | 070f9755f93058d031a4f65fb0c1b690154eff9ba8e7e6120282e1d97ea36389 |
| SHA512 | dfa1e7bf3537c50d1576799a6df3215199a7ee276aa89d13c20289f0a35d7a15c0afc5cad2062ce166d779b9270cba3c306dca53a8141f2797e24c4d1a03832a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5973de.TMP
| MD5 | d46308fc32c548edfa21f51229f79d8f |
| SHA1 | 9bcdca9da3905212d165e7e22b4d439456e221de |
| SHA256 | 4879795f3d6bc3401fd3ea4dd5781aba21e6d64ba0e4c46e7ece19598ca5ba5d |
| SHA512 | ac549e8d8208e76c8b185a0714e24f50665cc25f949a5da761e88a92538e4a45d651b05711ab12370563807d46b8fc346286f55659e1733522400d77873bf3ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9dff3aa97841ae68427f0cb672a3ca70 |
| SHA1 | 52cc646bb0a72c11bc0bf109f21bfd6b74861afd |
| SHA256 | 6de77b0cc70aca8105b7ccd5f5b5ac5d519c4206a7213b6cef38058d8a70e973 |
| SHA512 | 371fa12345cf35abcba0eff1edd26e90198b3ad42d1cdd7a828281d8a9fc26eca6ab841d42a05816c6c93d5839263692c8892450c490a6705a13afd737a644e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e1a7c9420445845fd9399029abc8e66 |
| SHA1 | cbc21b6b5a04bc067f79f44206c6951ac93c6bba |
| SHA256 | 197b4156399a3ceb80ff5387f1ab51676852f70fd443d687302d13c32c01b672 |
| SHA512 | 183299ac7251f5057ff248bbe34282d2efc99ac5e4e5f36c192ca503ac3f9a0900330e2b9040fbbc9515a3c44dea4519de66cba354b57e382922e736192fc8b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e28552e250a1fd25f2203e700dfdfd1e |
| SHA1 | 4cb0a142fc2f2c0177ec355ec1099999ec54d14b |
| SHA256 | 4b2f31dbcd0ae3ba8dc51f2bffdd298eb6edfacd1a003900902a54281c351768 |
| SHA512 | f4ed98dea4d7fa8920616fb62b38edc2581d641f32bb58a976367f6a95bab96980c5cf474e2b35ceb918f03d3afbccfd6b0bb2c8f62cb79dcff0532cf1962c17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 01f11385e5ae8aab13fa6c1a3e606a07 |
| SHA1 | 66aa972a3c25e2c30183654a8a9d6ab04305283c |
| SHA256 | 31e39a4edcf261108f0d388b6c18708d33ab331f153d76753c35abff3e6637c4 |
| SHA512 | 61945f7b9da21b795e89e9fb0d287fa54f52cac049fd431a6184a5d96abe845e1fe146bfeb16729067c539f7c8ccc11c03358b445e47ad9b3a7e39e68d77afcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 42271aa221b97f1a58eee98c6ca0455c |
| SHA1 | 3222907e18c60a899990ca04d36a2880b18957d8 |
| SHA256 | 0bde11174392a0b5276ac6b3ed1a86874eec746fc7c19833e4f2b9360506f6a2 |
| SHA512 | f78c5fb572ca178c7b48be43ead60fc15d0934da09584e7b14058328b3c890fb4a94241c65ce35fa88c806b2cddb57c69069c5516fdc7461a236164ab310e568 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1ae34a543962c117e52677f926d926c |
| SHA1 | f3858760162195a3907ef41474b94f282f5d8b64 |
| SHA256 | 424e3abdffd306a70bf8ba7835fdf042bf8911c76d4bd637ef5f13992b4e3689 |
| SHA512 | c50492f8b1969a68a27d0adc249ec10298d83778fb0cee380823ffda313a54b2f1329fc3b4a53439e9df5cd3021e30ae13b53143add9f084381ad06171d5ea46 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-21 18:15
Reported
2024-02-21 18:48
Platform
win11-20240221-en
Max time kernel
900s
Max time network
1172s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffb48523cb8,0x7ffb48523cc8,0x7ffb48523cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5760 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| CZ | 65.9.95.21:443 | www.file.io | tcp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 104.22.47.142:443 | hb.vntsm.io | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| DE | 18.195.142.17:443 | cmp.quantcast.com | tcp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| CZ | 65.9.95.83:443 | cdn.exelator.com | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 155.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| CZ | 65.9.95.29:443 | config.aps.amazon-adsystem.com | tcp |
| CZ | 65.9.95.50:443 | cmp.inmobi.com | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| US | 18.211.56.8:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 35.171.241.123:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| GB | 195.181.164.16:443 | load77.exelator.com | tcp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| DE | 18.194.115.222:443 | api.cmp.inmobi.com | tcp |
| US | 172.67.23.234:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | 16.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.241.171.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| CZ | 65.9.92.124:443 | aax.amazon-adsystem.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| IE | 52.214.248.106:443 | track.venatusmedia.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| US | 104.18.43.178:443 | elb.the-ozone-project.com | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| DE | 52.58.102.25:443 | tlx.3lift.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 2.18.109.247:443 | play.aniview.com | tcp |
| GB | 92.123.26.178:443 | feed.avplayer.com | tcp |
| US | 96.46.186.186:443 | track4.aniview.com | tcp |
| GB | 104.77.160.9:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | 247.109.18.2.in-addr.arpa | udp |
| GB | 104.77.160.9:443 | player.aniview.com | tcp |
| GB | 2.18.109.247:443 | play.aniview.com | tcp |
| GB | 104.77.160.15:443 | player.aniview.com | tcp |
| GB | 104.77.160.15:443 | player.aniview.com | tcp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 98.98.134.243:443 | pixel-sync.sitescout.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 54.208.153.133:443 | sync.srv.stackadapt.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.166.69.in-addr.arpa | udp |
| US | 96.46.186.15:443 | track1.avplayer.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| DE | 35.156.118.157:443 | btlr.sharethrough.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| IE | 52.111.236.23:443 | tcp | |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| DE | 3.125.238.57:443 | btlr.sharethrough.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs-simple.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| DE | 3.125.238.57:443 | btlr.sharethrough.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 3.125.238.57:443 | btlr.sharethrough.com | tcp |
| FR | 178.32.210.226:443 | prg.smartadserver.com | tcp |
| DE | 3.125.238.57:443 | btlr.sharethrough.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| DE | 37.252.171.149:443 | ib.adnxs-simple.com | tcp |
| GB | 172.217.169.2:443 | cm.g.doubleclick.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| DE | 52.28.79.158:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| GB | 216.58.204.65:443 | c8f7f4be0f34b17fb72341dcfc509705.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| IE | 52.211.227.29:443 | match.prod.bidr.io | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | 158.79.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.227.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| IE | 18.202.6.206:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 96.46.186.186:443 | track4.aniview.com | tcp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| FR | 185.93.2.251:443 | cdn1.vntsm.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| GB | 104.77.160.15:443 | content1.avplayer.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 206.6.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | st.pubmatic.com | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 185.64.190.89:443 | st.pubmatic.com | tcp |
| GB | 185.64.190.89:443 | st.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 98.98.134.243:443 | pixel-sync.sitescout.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 34.239.60.174:443 | ssp.disqus.com | tcp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| IE | 52.213.173.133:443 | ap.lijit.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| GB | 104.77.160.9:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | s2s.aniview.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 96.46.186.176:443 | s2s.aniview.com | tcp |
| US | 8.8.8.8:53 | optimized-by.rubiconproject.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 172.67.23.234:443 | ids.ad.gt | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | udp |
| DE | 3.120.48.12:443 | optimized-by.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 89.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.60.239.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.173.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.186.46.96.in-addr.arpa | udp |
| US | 104.22.5.69:443 | pixels.ad.gt | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 96.46.186.176:443 | s2s.aniview.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | udp |
| DE | 35.157.78.149:443 | cmp.quantcast.com | tcp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| NL | 89.149.192.73:443 | sync.smartadserver.com | tcp |
| IE | 3.250.252.63:443 | dpm.demdex.net | tcp |
| IE | 54.73.193.1:443 | ad.360yield.com | tcp |
| IE | 54.228.205.150:443 | p.cpx.to | tcp |
| DE | 91.228.74.208:443 | secure.quantserve.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| DE | 3.125.238.57:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| FR | 217.182.178.224:443 | prg.smartadserver.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 149.78.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.193.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | 63.252.250.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.205.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.74.228.91.in-addr.arpa | udp |
| CZ | 65.9.95.126:443 | rules.quantcount.com | tcp |
| IE | 54.217.4.188:443 | s.cpx.to | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| IE | 67.220.224.144:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| FR | 91.134.110.132:443 | ssbsync.smartadserver.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| FR | 154.54.250.150:443 | ads.stickyadstv.com | tcp |
| FR | 154.54.250.150:443 | ads.stickyadstv.com | tcp |
| FR | 154.54.250.150:443 | ads.stickyadstv.com | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | bb9e2b4a2071cbaa5280977841cf68ba.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 44.219.183.120:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| US | 8.8.8.8:53 | 126.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.4.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.224.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.183.219.44.in-addr.arpa | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 656bb397c72d15efa159441f116440a6 |
| SHA1 | 5b57747d6fdd99160af6d3e580114dbbd351921f |
| SHA256 | 770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab |
| SHA512 | 5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c |
\??\pipe\LOCAL\crashpad_1184_DORQYTSYOHZKKXPN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d459a8c16562fb3f4b1d7cadaca620aa |
| SHA1 | 7810bf83e8c362e0c69298e8c16964ed48a90d3a |
| SHA256 | fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a |
| SHA512 | 35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a7f4c792dfe551122b8289db226c759 |
| SHA1 | cade65b5a6aa62032130cfbbddd6753615b59530 |
| SHA256 | 70c9a5a2c0a907ed6e606a768987cab63f2b4366f0907a1a92b8c5d825bb8275 |
| SHA512 | 5bb44fa96cafb9ed1fc99bd072e6afa1085cc9bf2e006fe9f1b1f98528e65ca0719c1881826a70d698367283f1aa5114b88a0310c7271f1c257f2cb87575440e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 08681c3d4d811903e723bd38be014ffa |
| SHA1 | 43007e047b83ef40590a34f4a73e80f312e71b3d |
| SHA256 | 1bdae2235df60e3681a0786a47d60c07672f62dd0bb84d6ac5f7277181944827 |
| SHA512 | 4b7c7cc5009d8f124f250a951b39e5fddc7b79328bec3d8186274ee1a1f904232fb85f4975f8d74bb4d331873b4eb242642a3687c3ba6fd58bd7fecc2e2fdd12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc1f3723b5c6e970c72a6b3e5b70c007 |
| SHA1 | 227efb4a8819b1abcb1972b988e3c847bda5b5fb |
| SHA256 | 252a5bbb7fbad4314bedc8cd56b2149421ffd156415d93b20c68ccae73a360d0 |
| SHA512 | 4e270cf4fc35b1ee72ad1471dc137d03abf1480c4b18a17eec02ed5eb4cefa7f89ec56ac8515669845f2f11bc9fba83d0708aabadf6b67ce0f05ae8cce71f871 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | b66e21656d418ceb8ab7256950187aed |
| SHA1 | 2715141ac20347e5058f038b27f7037b85224cd2 |
| SHA256 | fdb45e13ba6f1166b1de2a61265add2f465d750ca30b922a07c723aae41ceb4a |
| SHA512 | 5411a869efee611ff320258dd9eb835ac85f3c155c2b83cb6b7927f196e008771a82640dbb6761a622b44ef045dc4443b7f0246bd8636f584d83be717ed765eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cdc325eea604229f0a54456a82f6b24b |
| SHA1 | 6ce24b9f956ee8c6d64b78932393c61a979b4329 |
| SHA256 | 3ae87c356ac20c04d1e57e2f5d7120e6839ab9329418760424e578844fd03ce0 |
| SHA512 | 6b50bd674c5223ed3cc28d41411a87cfc7e17ba1eaa6e8b57f3ca8af18a7de6edaa4f675d9ae415e865d2fd6aee17f3fabeacf227ab19867b6e2f6e21fdf3689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0faafac5995c78aa7c6af639a3e9f128 |
| SHA1 | 4ea1a39c58697b4b831cda8fb47d11536032300e |
| SHA256 | b1fb32a51921f4f55ba8adb42925f5202bc99bc0d2ade2f10fab6b42a4cd6d95 |
| SHA512 | f62377c23dd392b127726696e66f5696095335849cca91e41ecafe45dde1ade438086f7df45cfd11f0a60dc807cbe68f3727ec23ca0204d141b50eb7bf1c66d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d4d1e8ad458878dbbfe31fb472d1b29e |
| SHA1 | 5b0d93cd5f5377b8afe207a14756bc93c8e1c89a |
| SHA256 | 42f302a7b632f58bfbf59b11fdfb16cc499829beb66fdcb47feb447846aea697 |
| SHA512 | 1862bc6116c73b24bfc19819ea7af9b632dc605fec0fb5109f44f6a6814b93210bab0c0f99680640593dcff06cf4e736181a69fa1824b9615e66ae1ddbb50689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9370e3361f237ae72952ef2246490fdf |
| SHA1 | f737a1586d975168daf0bfd1c301218293ba675a |
| SHA256 | af181c2d64a3f9180b6e9a7d41c711c0b453a83ed59da4502f91eb35a7dc1608 |
| SHA512 | 607101c851312603ccd9ca99c53b6eb79e3f70bdf0d88fc1554bcbebe815c3bdbff400c646dc06097f88940266b0032bc99c770cdf6fb4a01199306e42f4dcd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f890f88fddadde1e410eb27c99394fd |
| SHA1 | 96530557db40b627fa8df921d712fcea6316bf74 |
| SHA256 | 5c590fff976ace0508f73010df69ffbd715dcf44ece8a66211b3436690f63f03 |
| SHA512 | c21d820f08a5a0b1e9bc116ad4ca8d7bdeac1cfe202397ebca045584b9c46517da3202310febd3a2b544be59cdc25de7e2ca21871be6b94afb81bc5e81aa1450 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa141e43f854767cbc339f63dc766155 |
| SHA1 | 935db1494402d5433141237e5d2f3e6d47c1616b |
| SHA256 | de58dd350c9afd957b41f781358563c1d94f385b55d87f8f03927823130c467c |
| SHA512 | bc1a3bd4b8b72c801c0f4a0a9a1bc8ff422f13574c45118e5be21d5e160f8a5765a0967207b9d30f7be89a0f8ef7e595f8bc49bf0b04d3cf02974534aebb0c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59bf01.TMP
| MD5 | e5c0019f987263102120d9c3d77724f3 |
| SHA1 | d8bd475d7398f97c80d6d3b735cd656cb03223dd |
| SHA256 | dd287e6b68884c0d064ed82d438ac059edae7bb17f7204ad7eb9ed808b7e78c8 |
| SHA512 | bbfaf07ff723da1663e49859487964423bd5aaa11898e2931adadeb5178fd0ab3c5683dafa27ef902d7ac4b31c3be0057112f6231664829c1117ae1a58c7e9f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1595298b9a246623bd1a47bb2353f1a7 |
| SHA1 | 1147b965139a48cb776153baee11c6b65517c77b |
| SHA256 | 18221a0e4057c9ff3f11616c465c26c5bdb7f321070dc7811171911642f29761 |
| SHA512 | cc6e9d47587c521fedd78f9ecdc380321e19744f6db372947066e53df492445bdbb45feabe5d17b9854bd9b99928f4cf4b91d9466e754b15482a2a02d393fff8 |