Malware Analysis Report

2024-11-30 11:35

Sample ID 240221-wwd19ada2y
Target https://file.io/fgXDCar918Wx
Tags
lockbit ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://file.io/fgXDCar918Wx was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware

Lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-21 18:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-21 18:15

Reported

2024-02-21 18:48

Platform

win10v2004-20240221-en

Max time kernel

1793s

Max time network

1800s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx

Signatures

Lockbit

ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3820 wrote to memory of 2608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f30646f8,0x7ff9f3064708,0x7ff9f3064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x518 0x33c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9144 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build.bat" "

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\keygen.exe

keygen -path C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build -pubkey pub.key -privkey priv.key

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8676 /prefetch:2

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type dec -privkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3Decryptor.exe

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3.exe

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_pass.exe

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32.dll

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_ReflectiveDll_DllMain.dll

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\LockBit3000.7z"

C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe

"C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 82.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 www.file.io udp
CZ 65.9.95.72:443 www.file.io tcp
US 8.8.8.8:53 72.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 13.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
GB 143.244.38.136:443 hb.vntsm.com tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
GB 143.244.38.136:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 172.67.36.131:443 hb.vntsm.io tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 131.36.67.172.in-addr.arpa udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
CZ 65.9.95.67:443 cdn.exelator.com tcp
DE 18.195.142.17:443 cmp.quantcast.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
CZ 65.9.95.38:443 cmp.inmobi.com tcp
CZ 65.9.95.3:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 75.98.9.65.in-addr.arpa udp
US 8.8.8.8:53 17.142.195.18.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 67.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 52.28.79.158:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 38.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 3.95.9.65.in-addr.arpa udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 155.152.19.2.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 210.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 158.79.28.52.in-addr.arpa udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
CZ 65.9.92.124:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 cdn.edkt.io udp
US 34.95.69.49:443 i.clean.gg udp
US 34.120.111.33:443 cdn.edkt.io tcp
IE 52.214.248.106:443 track.venatusmedia.com tcp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 124.92.9.65.in-addr.arpa udp
US 8.8.8.8:53 33.111.120.34.in-addr.arpa udp
US 8.8.8.8:53 106.248.214.52.in-addr.arpa udp
US 8.8.8.8:53 script.4dex.io udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
NL 145.40.97.66:443 prebid.a-mo.net tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
DE 52.28.96.32:443 tlx.3lift.com tcp
DE 37.252.172.123:443 ib.adnxs-simple.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 tg1.aniview.com udp
GB 2.18.109.247:443 tg1.aniview.com tcp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 78.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 192.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 157.118.156.35.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 32.96.28.52.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 96.46.186.186:443 track4.aniview.com tcp
GB 104.77.160.15:443 player.avplayer.com tcp
GB 92.123.26.162:443 feed.avplayer.com tcp
GB 104.77.160.15:443 player.avplayer.com tcp
US 8.8.8.8:53 247.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 15.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 162.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 186.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 play.aniview.com udp
US 8.8.8.8:53 content1.avplayer.com udp
GB 104.77.160.15:443 content1.avplayer.com tcp
GB 104.77.160.15:443 content1.avplayer.com tcp
GB 2.18.109.247:443 play.aniview.com tcp
US 8.8.8.8:53 go1.aniview.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 match.adsrvr.org udp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 54.152.154.216:443 sync.srv.stackadapt.com tcp
NL 98.98.134.243:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 6.146.0.173.in-addr.arpa udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 69.166.1.66:443 sync.go.sonobi.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 243.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 216.154.152.54.in-addr.arpa udp
US 8.8.8.8:53 101.56.16.104.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 track1.avplayer.com udp
US 96.46.186.15:443 track1.avplayer.com tcp
US 8.8.8.8:53 15.186.46.96.in-addr.arpa udp
DE 37.252.172.123:443 ib.adnxs-simple.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
NL 89.149.192.192:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 37.252.172.123:443 ib.adnxs-simple.com tcp
US 8.8.8.8:53 5.179.17.96.in-addr.arpa udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
DE 35.156.118.157:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 37.252.172.123:443 ib.adnxs-simple.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net udp
US 69.166.1.66:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 18.194.115.222:443 api.cmp.inmobi.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 06d4280af294bfef10b151f3bb96c535.safeframe.googlesyndication.com udp
US 8.8.8.8:53 www.file.io udp
GB 216.58.204.65:443 06d4280af294bfef10b151f3bb96c535.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 222.115.194.18.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 p.ad.gt udp
US 172.67.23.234:443 p.ad.gt tcp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 api.edkt.io udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 104.22.4.69:443 ids.ad.gt tcp
US 104.22.4.69:443 ids.ad.gt tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 34.120.111.33:443 api.edkt.io udp
IE 34.252.143.149:443 match.prod.bidr.io tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 149.143.252.34.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 45.55.107.24:443 file.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 cdn1.vntsm.com udp
FR 185.93.2.244:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ap.lijit.com udp
FR 217.182.178.229:443 ssbsync.smartadserver.com tcp
IE 52.214.40.59:443 ap.lijit.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
NL 154.57.158.26:443 ads.stickyadstv.com tcp
NL 154.57.158.26:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 244.2.93.185.in-addr.arpa udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 44.205.40.56:443 ssp.disqus.com tcp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 onetag-sys.com udp
NL 98.98.134.243:443 pixel-sync.sitescout.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 34.98.64.218:443 u.openx.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 229.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 59.40.214.52.in-addr.arpa udp
US 8.8.8.8:53 26.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 56.40.205.44.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 34.98.64.218:443 u.openx.net udp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
DE 3.123.117.110:443 match.sharethrough.com tcp
NL 81.17.55.117:443 rtb-csync.smartadserver.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
NL 81.17.55.117:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 35.171.241.123:443 onsite-tag-logs.apps.nielsen.com tcp
US 8.8.8.8:53 wt.rqtrk.eu udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 117.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 110.117.123.3.in-addr.arpa udp
DE 57.129.18.105:443 wt.rqtrk.eu tcp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 216.5.17.2.in-addr.arpa udp
DE 18.195.192.19:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 player.aniview.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
GB 104.77.160.15:443 player.aniview.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
GB 104.77.160.15:443 player.aniview.com tcp
GB 104.77.160.15:443 player.aniview.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 105.18.129.57.in-addr.arpa udp
US 8.8.8.8:53 123.241.171.35.in-addr.arpa udp
US 8.8.8.8:53 19.192.195.18.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 104.22.4.69:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 8.8.8.8:53 s2s.aniview.com udp
US 96.46.186.176:443 s2s.aniview.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 185.86.138.121:443 prg.smartadserver.com tcp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 176.186.46.96.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 96.46.186.176:443 s2s.aniview.com tcp
US 8.8.8.8:53 121.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 cmp.quantcast.com udp
DE 18.195.142.17:443 cmp.quantcast.com tcp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 p.cpx.to udp
IE 54.72.93.19:443 p.cpx.to tcp
US 8.8.8.8:53 secure.quantserve.com udp
DE 91.228.74.206:443 secure.quantserve.com tcp
US 8.8.8.8:53 19.93.72.54.in-addr.arpa udp
US 8.8.8.8:53 206.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 i.clean.gg udp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 rules.quantcount.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
CZ 65.9.95.80:443 rules.quantcount.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
DE 18.195.128.63:443 btlr.sharethrough.com tcp
FR 185.86.138.121:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 s.cpx.to udp
IE 63.34.229.163:443 s.cpx.to tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 80.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 63.128.195.18.in-addr.arpa udp
US 8.8.8.8:53 163.229.34.63.in-addr.arpa udp
US 8.8.8.8:53 b5876c89d25825bd7233b8c6ab944cd0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 dpm.demdex.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
IE 52.19.228.126:443 dpm.demdex.net tcp
NL 81.17.55.172:443 sync.smartadserver.com tcp
IE 54.194.25.32:443 ad.360yield.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 44.240.99.74:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 44.240.99.74:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
DE 162.19.138.83:443 id5-sync.com tcp
DE 162.19.138.83:443 id5-sync.com tcp
US 8.8.8.8:53 202.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 126.228.19.52.in-addr.arpa udp
US 8.8.8.8:53 32.25.194.54.in-addr.arpa udp
US 8.8.8.8:53 74.99.240.44.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 ib.3lift.com udp
US 8.8.8.8:53 pixels.ad.gt udp
CZ 65.9.95.23:443 ib.3lift.com tcp
US 172.67.23.234:443 pixels.ad.gt tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 23.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
NL 145.40.97.67:443 sync.a-mo.net tcp
GB 2.18.108.180:443 acdn.adnxs.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 img.3lift.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 api.rlcdn.com udp
GB 92.123.128.144:443 www.bing.com tcp
GB 92.123.128.144:443 www.bing.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
CZ 65.9.95.85:443 img.3lift.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 180.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 85.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
DK 37.157.5.133:443 cm.adform.net tcp
NL 131.153.158.209:443 id.a-mx.com tcp
NL 131.153.158.209:443 id.a-mx.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
NL 131.153.158.209:443 c3.a-mo.net tcp
US 8.8.8.8:53 id.rtb.mx udp
NL 131.153.158.209:443 id.rtb.mx tcp
NL 98.98.134.243:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 52.72.28.150:443 sync.srv.stackadapt.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 209.158.153.131.in-addr.arpa udp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 69.166.1.66:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ads.avct.cloud udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 150.28.72.52.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 go1.aniview.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net udp
FR 178.32.197.52:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
US 8.8.8.8:53 mydmp.exelator.com udp
IE 34.254.143.3:443 mydmp.exelator.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 load77.exelator.com udp
GB 89.187.167.9:443 load77.exelator.com tcp
US 8.8.8.8:53 52.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 3.143.254.34.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.167.187.89.in-addr.arpa udp
FR 185.86.138.121:443 prg.smartadserver.com tcp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 185.86.138.121:443 prg.smartadserver.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 track1.avplayer.com udp
US 96.46.186.15:443 track1.avplayer.com tcp
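Almost every name in the table above (adform, pubmatic, rubiconproject, criteo, doubleclick, googlesyndication, smartadserver and the rest) is an advertising or measurement endpoint, consistent with the browser rendering the file.io download page rather than with the archive doing anything. The 8.8.8.8:53 rows are the VM's DNS traffic, and the in-addr.arpa rows are reverse lookups that mirror addresses already contacted (the lookup of 19.159.19.104.in-addr.arpa follows the connection to 104.19.159.19 on 443). The script below is an added example, not part of the report or of the sandbox: it parses rows in this four-column shape, drops the DNS chatter, maps each PTR name back to its address to confirm it is a mirror of a connection rather than a new indicator, collapses repeated rows into distinct endpoints per host, and marks udp/443 beside tcp/443 as QUIC rather than a second channel. The excerpt embedded in it is a constructed subset of the rows above; the resolver address is taken from those rows.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Network table above, in its four-column shape:
# country, ip:port, name, protocol. Nine rows are copied from the report.
NETWORK_EXCERPT = """
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
NL 131.153.158.209:443 id.a-mx.com tcp
NL 131.153.158.209:443 id.a-mx.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
"""

ROW_RE = re.compile(r"^([A-Z]{2}) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\S+) (tcp|udp)$")
RESOLVER = ("8.8.8.8", 53)  # every lookup in the table above goes here


def parse_network(text):
    """One dict per well-formed row; anything else in the text is ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, name, proto = m.groups()
            rows.append({"cc": cc, "ip": ip, "port": int(port), "name": name, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'19.159.19.104.in-addr.arpa' -> '104.19.159.19'."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def summarize(rows):
    """Split DNS chatter from real connections and collapse repeated rows."""
    ptr, resolved, connections = set(), set(), defaultdict(set)
    for r in rows:
        if (r["ip"], r["port"]) == RESOLVER:
            if r["name"].endswith(".in-addr.arpa"):
                ptr.add(r["name"])
            else:
                resolved.add(r["name"])
        else:
            connections[r["name"]].add((r["ip"], r["port"], r["proto"]))
    contacted_ips = {ip for eps in connections.values() for ip, _, _ in eps}
    return {
        "connections": dict(connections),
        # looked up but never connected to: blocked, unused, or failed
        "dns_only": resolved - set(connections),
        # PTR noise that mirrors an address already in the connection list
        "ptr_mirrored": {n for n in ptr if ptr_to_ip(n) in contacted_ips},
        # a PTR lookup with no matching connection deserves a second look
        "ptr_unexplained": {n for n in ptr if ptr_to_ip(n) not in contacted_ips},
        # udp/443 beside tcp/443 to the same host is QUIC (HTTP/3), not a second channel
        "quic_hosts": {h for h, eps in connections.items()
                       if any(p == 443 and pr == "udp" for _, p, pr in eps)},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_network(NETWORK_EXCERPT)).items():
        print(key, value)
```

Run against the full table, the distinct-endpoint list is what goes into a comparison with other reports for the same sample; the DNS-only and unexplained-PTR sets are the places where something other than page rendering would first show up.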

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fbbaffc5a50295d007ab405b0885ab5
SHA1 518e87df81db1dded184c3e4e3f129cca15baba1
SHA256 b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

\??\pipe\LOCAL\crashpad_3820_WWFQUHJXNMTGKUZF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 360dd5debf8bf7b89c4d88d29e38446c
SHA1 65afff8c78aeb12c577a523cb77cd58d401b0f82
SHA256 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA512 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46f7c7656dbc22da5ea9d38064b2ea6e
SHA1 95c8bb646f2b1b981d83d148811418dd10d1e631
SHA256 6d1c29d0d3c72db8cad01ef2faa369adc307c6ad948003909ba3cfd9eeff13bb
SHA512 86c16c8865bb25556d8c9c049eaa9764b09737317e9a750a649e61eda78a6b9321e9849bb8ef30af506847ee15c88bde5c8f6a60d6fc100dbfbbe147e38a30aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\43db46cd-46b6-4b3a-b3b2-e2fd2ea7a40a.tmp

MD5 d68c46f09c4d88f7d309c93cb71af6c3
SHA1 55d89421402d536e9eb3472919ea07c8e7594636
SHA256 f7d0b62fe5c25bd7db6c1d0e54ee423ba3b89a8ba717b81a4e6d98a499f292d6
SHA512 7e9224895047a09181dc6610d5639ff62fe293997538013e5826ff2ee2ce0abb9a2e37a7d37a83fdef8153c2b2713a291fd4f99dcd8a38ebc1c623ac4a9bcc66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e0916eaf75d86a7e9d041c62c2d0f6b
SHA1 b7e3baba107718cec40f59c155fcd6ffe4491964
SHA256 d4c131315a1bb4f73252616e75f2054e4db4daa787babfb6f10d834bfef9eb6d
SHA512 3fc36ba060cead7f0225235f0f21d203720c3ec4a95008f6d719473084868a1f4c430b87c745146864b6cd747448b9b5c7942bab9072191053ca6d174962cfcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 81af74de3745678026a078995862efc3
SHA1 825aae9fad6a013181775dff4ae4741a0076dac5
SHA256 7679d913122be23fac272ed3102034e1d9360c4278d7a26b99160776077b0861
SHA512 a9e5ed555621bf6ae9555a1cfe8ecbdb7881f4aad1ec2a9f6b0fc38a4078697d76380f2b4e51a677a83788ed8652fe30d872efcb30da431d56d921a91da48c03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 182de97533495c02bdd936a57a8fd7d2
SHA1 faca3d4ce74b64da8648fbe0d58edf608de7dad0
SHA256 9c4515e1e8ee9f4d7a731db0ab7fa5f608eeb434ceaf5bfdf3c96ddfd18f7774
SHA512 c0e91f1c4232419ce40f45e2cd6261eb01684b5dc5797feb739ae15d5155430b2ab73a8558ab2c76b199582fa8aad215aea726c2a6fd935049c3f58f2d6dcda6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a3bd6b783747f845e30bc949daf4b94
SHA1 80fc9622eee9eaf54c034e92e9724ec3f4af54e2
SHA256 455e4820b3b73fc58c965f38cdae1074e58238d1d1d13e1e5ff2e5602e8af45a
SHA512 a8b360d95d602a240ebf15ba177f3bd33df839d7cfa98ec2a278df1a256dfea6140bce09fe5b6bf93302d29acd0ce6c8c38c50157a2aeb2228bbe8c7f7bb1d10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ea7f9e01a0e99d09a44b643000da5283
SHA1 ac31d004fc3f8de2c4324f7f1d632ba4069cfeaf
SHA256 067f9ebfd9537aa577a1fbaad72263953fe2121d50fda47497dbc411f9a07db0
SHA512 99210fee25ba1edbcf7b22e737f02df7d3d61aaf82824117a687b9714cd8cc87b389431d11de4a80956a73f9218b3f5197acadf6a102acb51101e9b1ac532c3b

C:\Users\Admin\Downloads\lockbit.zip

MD5 e2119231341e7c4a9edce29d45880bcb
SHA1 5d17048983e7a756e826eb6ea4b716500e7e8bd1
SHA256 e90d3474c206d86ddc12b5d31886e726bceaed55f6a39b4a079089880a8105b1
SHA512 d2b818a7b7721f445c43795c6a4d1c363b6aa3f54b04a79853a35bd5181c63253e989627d6bc4c3369b3b416bdc48954b102dc4bb4025726d05354e7bf61e9a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 717ea9c367e03bfaf992d07cf4c667e7
SHA1 24eee16f69a9af796a2690dbe3c3933a2c7b43dc
SHA256 1d15ba6b30f8c26ce15724984ecfb95c89d0d1c8141b37957965b8be27f7f373
SHA512 12637cffdaa42b6982e3f61b365398c0f6b31610579b771bf4cbdb5e8ef73858c60cb1f80f32aad30764d9dc4e5624fc36bc726f3046f85bef595dc82c8f7d85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d172ac56d1b29e5e1f416d64a6b4a3ae
SHA1 820e97c7635dae69f86f7aa0666830549ad7d95d
SHA256 070f9755f93058d031a4f65fb0c1b690154eff9ba8e7e6120282e1d97ea36389
SHA512 dfa1e7bf3537c50d1576799a6df3215199a7ee276aa89d13c20289f0a35d7a15c0afc5cad2062ce166d779b9270cba3c306dca53a8141f2797e24c4d1a03832a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5973de.TMP

MD5 d46308fc32c548edfa21f51229f79d8f
SHA1 9bcdca9da3905212d165e7e22b4d439456e221de
SHA256 4879795f3d6bc3401fd3ea4dd5781aba21e6d64ba0e4c46e7ece19598ca5ba5d
SHA512 ac549e8d8208e76c8b185a0714e24f50665cc25f949a5da761e88a92538e4a45d651b05711ab12370563807d46b8fc346286f55659e1733522400d77873bf3ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9dff3aa97841ae68427f0cb672a3ca70
SHA1 52cc646bb0a72c11bc0bf109f21bfd6b74861afd
SHA256 6de77b0cc70aca8105b7ccd5f5b5ac5d519c4206a7213b6cef38058d8a70e973
SHA512 371fa12345cf35abcba0eff1edd26e90198b3ad42d1cdd7a828281d8a9fc26eca6ab841d42a05816c6c93d5839263692c8892450c490a6705a13afd737a644e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e1a7c9420445845fd9399029abc8e66
SHA1 cbc21b6b5a04bc067f79f44206c6951ac93c6bba
SHA256 197b4156399a3ceb80ff5387f1ab51676852f70fd443d687302d13c32c01b672
SHA512 183299ac7251f5057ff248bbe34282d2efc99ac5e4e5f36c192ca503ac3f9a0900330e2b9040fbbc9515a3c44dea4519de66cba354b57e382922e736192fc8b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e28552e250a1fd25f2203e700dfdfd1e
SHA1 4cb0a142fc2f2c0177ec355ec1099999ec54d14b
SHA256 4b2f31dbcd0ae3ba8dc51f2bffdd298eb6edfacd1a003900902a54281c351768
SHA512 f4ed98dea4d7fa8920616fb62b38edc2581d641f32bb58a976367f6a95bab96980c5cf474e2b35ceb918f03d3afbccfd6b0bb2c8f62cb79dcff0532cf1962c17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01f11385e5ae8aab13fa6c1a3e606a07
SHA1 66aa972a3c25e2c30183654a8a9d6ab04305283c
SHA256 31e39a4edcf261108f0d388b6c18708d33ab331f153d76753c35abff3e6637c4
SHA512 61945f7b9da21b795e89e9fb0d287fa54f52cac049fd431a6184a5d96abe845e1fe146bfeb16729067c539f7c8ccc11c03358b445e47ad9b3a7e39e68d77afcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 42271aa221b97f1a58eee98c6ca0455c
SHA1 3222907e18c60a899990ca04d36a2880b18957d8
SHA256 0bde11174392a0b5276ac6b3ed1a86874eec746fc7c19833e4f2b9360506f6a2
SHA512 f78c5fb572ca178c7b48be43ead60fc15d0934da09584e7b14058328b3c890fb4a94241c65ce35fa88c806b2cddb57c69069c5516fdc7461a236164ab310e568

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1ae34a543962c117e52677f926d926c
SHA1 f3858760162195a3907ef41474b94f282f5d8b64
SHA256 424e3abdffd306a70bf8ba7835fdf042bf8911c76d4bd637ef5f13992b4e3689
SHA512 c50492f8b1969a68a27d0adc249ec10298d83778fb0cee380823ffda313a54b2f1329fc3b4a53439e9df5cd3021e30ae13b53143add9f084381ad06171d5ea46
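Two things in the file list above matter for triage. The crashpad named pipe carries the MD5/SHA1/SHA256/SHA512 of zero bytes (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...), so it was empty when hashed and is not an artefact. Every other entry sits under the Edge profile directory except C:\Users\Admin\Downloads\lockbit.zip, which is the one on-disk artefact here that can carry the Lockbit verdict; the Preferences, TransportSecurity and Network Persistent State rewrites are routine browser churn. The script below is an added example, not part of the report or of the sandbox: it parses entries in this path-plus-four-hashes shape, checks each digest has the right length, recomputes digests with hashlib so a sample retrieved later can be matched against the report, buckets entries into empty, profile churn and everything else, and emits the remainder as sha256/path lines for a blocklist. The excerpt embedded in it is a constructed subset of three entries from the list above; the profile prefix is taken from those paths.

```python
import hashlib
import re

# Constructed excerpt of the "Files" section above, in the page's own shape:
# a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines. Three of the
# report's entries are reproduced; the remaining ones parse identically.
FILES_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fbbaffc5a50295d007ab405b0885ab5
SHA1 518e87df81db1dded184c3e4e3f129cca15baba1
SHA256 b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

\??\pipe\LOCAL\crashpad_3820_WWFQUHJXNMTGKUZF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\lockbit.zip

MD5 e2119231341e7c4a9edce29d45880bcb
SHA1 5d17048983e7a756e826eb6ea4b716500e7e8bd1
SHA256 e90d3474c206d86ddc12b5d31886e726bceaed55f6a39b4a079089880a8105b1
SHA512 d2b818a7b7721f445c43795c6a4d1c363b6aa3f54b04a79853a35bd5181c63253e989627d6bc4c3369b3b416bdc48954b102dc4bb4025726d05354e7bf61e9a3
"""

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Browser profile root taken from the paths above; writes under it are Edge's own churn.
PROFILE_PREFIX = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data".lower()


def parse_files(text):
    """Return one dict per entry: {'path': ..., 'MD5': ..., 'SHA1': ..., ...}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{current['path']}: {algo} has {len(digest)} hex digits")
            current[algo] = digest
        else:
            current = {"path": line}
            records.append(current)
    return records


def digests(data):
    """All four digests of a byte string, keyed like the report."""
    return {a: getattr(hashlib, a.lower())(data).hexdigest() for a in ALGOS}


def matches(record, data):
    """True when every hash the report lists for this entry matches the given bytes."""
    listed = [a for a in ALGOS if a in record]
    got = digests(data)
    return bool(listed) and all(record[a] == got[a] for a in listed)


def triage(records):
    """Bucket entries: empty artefacts, browser-profile churn, and everything else."""
    buckets = {"empty": [], "profile": [], "other": []}
    for rec in records:
        if matches(rec, b""):           # digests of zero bytes: nothing was captured
            buckets["empty"].append(rec)
        elif rec["path"].lower().startswith(PROFILE_PREFIX):
            buckets["profile"].append(rec)
        else:
            buckets["other"].append(rec)
    return buckets


def ioc_lines(records):
    """'sha256  path' for each entry worth blocking or hunting for."""
    return [f"{r['SHA256']}  {r['path']}" for r in triage(records)["other"]]


if __name__ == "__main__":
    recs = parse_files(FILES_EXCERPT)
    for bucket, entries in triage(recs).items():
        print(bucket, [r["path"] for r in entries])
    print("\n".join(ioc_lines(recs)))
```

When the archive is later pulled from a quarantine store, matches(record, open(path, "rb").read()) against the lockbit.zip record is the check that the thing in hand is the thing the sandbox saw; a mismatch on any one of the four digests means a different file.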

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-21 18:15

Reported

2024-02-21 18:48

Platform

win11-20240221-en

Max time kernel

900s

Max time network

1172s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1184 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1184 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
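Every row above is PID 1184, msedge.exe, writing into another msedge.exe instance (884, 3960, 1816 and 872). That is the shape of a Chromium-based browser's sandbox broker setting up the renderer, GPU and utility children it spawns, which is what the Processes list that follows consists of; none of the rows is a write into a different image, so this signature on its own does not indicate injection. The script below is an added example, not part of the report or of the sandbox: it parses rows in this "PID a wrote to memory of b" shape, which needs a regex anchored on the .exe suffixes because the image paths contain spaces, separates same-image writes by a trusted broker from cross-image writes, and returns only the latter for an analyst. The embedded rows are a constructed subset of the ones above plus one invented cross-image row, with hypothetical paths, included only so the escalation path is exercised; nothing like it occurred in this detonation. The allowlist of brokers is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed excerpt of the WriteProcessMemory rows above. The first six lines
# copy the report's format (PID 1184 writing into its children). The last line
# is invented for illustration only, with hypothetical paths, to show how a
# cross-image write would be reported; nothing like it occurred in this run.
ROWS = rf"""
PID 1184 wrote to memory of 884 N/A {EDGE} {EDGE}
PID 1184 wrote to memory of 884 N/A {EDGE} {EDGE}
PID 1184 wrote to memory of 3960 N/A {EDGE} {EDGE}
PID 1184 wrote to memory of 3960 N/A {EDGE} {EDGE}
PID 1184 wrote to memory of 1816 N/A {EDGE} {EDGE}
PID 1184 wrote to memory of 872 N/A {EDGE} {EDGE}
PID 4444 wrote to memory of 1234 N/A C:\Users\Admin\Downloads\sample.exe C:\Windows\explorer.exe
"""

# "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>"
# Image paths contain spaces, so anchor on the ".exe" suffixes instead of splitting.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \S+ (.+?\.exe) (.+\.exe)$", re.I)

# Images whose broker legitimately writes into its own freshly spawned children.
# Chromium-based browsers do this for every renderer/GPU/utility child they
# launch. Assumed allowlist; extend it for other brokers you trust.
SELF_SPAWN_OK = {"msedge.exe", "chrome.exe"}


def parse_rows(text):
    """(writer pid, target pid, writer image, target image) per well-formed row."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            src_pid, dst_pid, src, dst = m.groups()
            events.append((int(src_pid), int(dst_pid), src, dst))
    return events


def classify(src, dst):
    """'expected' for a trusted broker writing into a copy of itself, else 'investigate'.

    The rows carry no parent/child relation, so this keys on identical image
    paths; a fuller pipeline would also join on the process-creation event."""
    same_image = src.lower() == dst.lower()
    if same_image and PureWindowsPath(src).name.lower() in SELF_SPAWN_OK:
        return "expected"
    return "investigate"


def triage(events):
    """Count rows per (writer pid, target pid, verdict)."""
    summary = Counter()
    for src_pid, dst_pid, src, dst in events:
        summary[(src_pid, dst_pid, classify(src, dst))] += 1
    return summary


def escalations(events):
    """Distinct cross-image writes, the only rows that need an analyst."""
    return sorted({e for e in events if classify(e[2], e[3]) == "investigate"})


if __name__ == "__main__":
    ev = parse_rows(ROWS)
    for key, n in sorted(triage(ev).items()):
        print(key, n)
    print("escalate:", escalations(ev))
```

Collapsing the 64 rows above this way yields four expected (writer, target) pairs and no escalations; the count per pair is still worth keeping, since a renderer that receives far more writes than its siblings is the first place to look if the verdict had rested on this signature.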

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffb48523cb8,0x7ffb48523cc8,0x7ffb48523cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5760 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1184_DORQYTSYOHZKKXPN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59bf01.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
