Malware Analysis Report

2024-09-11 09:23

Sample ID 240523-sbtz7afa8t
Target Client-built.exe
SHA256 712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a
Tags
discordrat persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a

Threat Level: Known bad

The file Client-built.exe was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discord RAT

Discordrat family

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-23 14:57

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 14:57

Reported

2024-05-23 15:01

Platform

win10v2004-20240426-en

Max time kernel

206s

Max time network

209s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{FD5ED1B3-5D6F-47C1-9D63-82C238BC62C2} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5616 wrote to memory of 5460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 5460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Client-built.exe

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa529146f8,0x7ffa52914708,0x7ffa52914718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,8407260296538517649,9869932941308711651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.130.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 g.bing.com udp
US 162.159.128.233:443 discord.com tcp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 234.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 geolocation-db.com udp
DE 159.89.102.253:443 geolocation-db.com tcp
BE 88.221.83.178:443 www.bing.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
BE 88.221.83.178:443 www.bing.com tcp
US 8.8.8.8:53 178.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 253.102.89.159.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
BE 88.221.83.193:443 www.bing.com tcp
BE 88.221.83.193:443 www.bing.com tcp
BE 88.221.83.193:443 www.bing.com tcp
US 8.8.8.8:53 193.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.250:443 th.bing.com tcp
BE 88.221.83.202:443 r.bing.com tcp
BE 88.221.83.202:443 r.bing.com tcp
BE 88.221.83.250:443 th.bing.com tcp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 250.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 10.251.17.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 login.microsoftonline.com udp
SE 40.126.53.17:443 login.microsoftonline.com tcp
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 global.localizecdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 assets-global.website-files.com udp
GB 172.217.169.10:443 ajax.googleapis.com tcp
GB 172.217.169.10:443 ajax.googleapis.com tcp
US 104.18.5.175:443 global.localizecdn.com tcp
PL 18.244.102.112:443 assets-global.website-files.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.235:80 apps.identrust.com tcp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 175.5.18.104.in-addr.arpa udp
US 8.8.8.8:53 112.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 235.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 90.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
PL 18.244.96.92:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 uploads-ssl.webflow.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
PL 18.244.102.102:443 uploads-ssl.webflow.com tcp
PL 18.244.102.102:443 uploads-ssl.webflow.com tcp
PL 18.244.102.102:443 uploads-ssl.webflow.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 92.96.244.18.in-addr.arpa udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 102.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
BE 88.221.83.250:443 th.bing.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
GB 172.217.169.10:443 ajax.googleapis.com udp
PL 18.244.102.102:443 uploads-ssl.webflow.com tcp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.136.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 www4.bing.com udp
BE 88.221.83.184:443 www4.bing.com tcp
BE 88.221.83.184:443 www4.bing.com tcp
US 8.8.8.8:53 184.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 temp-mail.org udp
US 104.26.7.95:443 temp-mail.org tcp
US 104.26.7.95:443 temp-mail.org tcp
US 8.8.8.8:53 95.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.66.43.196:443 cdn.paddle.com tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 web2.temp-mail.org udp
US 104.26.6.95:443 web2.temp-mail.org tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 104.22.74.216:443 btloader.com tcp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 196.43.66.172.in-addr.arpa udp
US 8.8.8.8:53 77.211.65.159.in-addr.arpa udp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
PL 18.66.233.115:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
PL 18.244.146.68:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 152.42.150.143:443 srv.buysellads.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 51.178.195.209:443 prg.smartadserver.com tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
US 172.67.75.241:443 script.4dex.io tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 34.120.63.153:443 prebid.media.net tcp
PL 18.244.148.36:443 aax.amazon-adsystem.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 178.128.135.204:443 rt.marphezis.com tcp
PL 18.244.102.54:443 hb.yellowblue.io tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 c.4dex.io udp
US 178.128.135.204:443 rt.marphezis.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 66.149.244.18.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 115.233.66.18.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.161.49.23.in-addr.arpa udp
US 8.8.8.8:53 68.146.244.18.in-addr.arpa udp
US 8.8.8.8:53 143.150.42.152.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 209.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 36.148.244.18.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
IE 54.220.158.112:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 54.102.244.18.in-addr.arpa udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 104.22.4.69:443 a.ad.gt tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.117:443 id5-sync.com tcp
DE 141.95.98.64:443 id5-sync.com tcp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 112.158.220.54.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4be89b8b66b27f43610bf43103257c53.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 4be89b8b66b27f43610bf43103257c53.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.244:443 secure.adnxs.com tcp
NL 185.89.210.244:443 secure.adnxs.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 warp.media.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
CZ 2.23.8.24:443 contextual.media.net tcp
GB 2.21.188.27:443 warp.media.net tcp
US 2.17.251.115:443 qsearch-a.akamaihd.net tcp
US 2.17.251.115:443 qsearch-a.akamaihd.net tcp
US 2.17.251.115:443 qsearch-a.akamaihd.net tcp
US 2.17.251.115:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 hblg.media.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.65:443 ag.gbc.criteo.com tcp
FR 185.235.86.78:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 lg3.media.net udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 24.8.23.2.in-addr.arpa udp
US 8.8.8.8:53 27.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 115.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 65.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 78.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 mybestsearches.com udp
US 8.8.8.8:53 media.net udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eb2.3lift.com udp
DE 51.75.86.98:443 onetag-sys.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
CZ 2.23.9.250:443 eus.rubiconproject.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 250.9.23.2.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 104.17.44.93:443 gum.aidemsrv.com tcp
DE 23.48.23.48:443 player.aniview.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
CZ 104.64.126.246:443 secure-assets.rubiconproject.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
CZ 104.64.126.246:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 81.17.55.122:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 sync.aniview.com udp
PL 18.244.102.105:443 api-2-0.spot.im tcp
IE 34.240.216.83:443 match.prod.bidr.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 50.31.142.255:443 b1sync.zemanta.com tcp
US 50.31.142.255:443 b1sync.zemanta.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 52.73.192.158:443 sync.srv.stackadapt.com tcp
US 54.227.161.137:443 cs-server-s2s.yellowblue.io tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
IE 99.80.184.135:443 ap.lijit.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
DE 18.157.153.25:443 rtb.mfadsrvr.com tcp
IE 54.74.38.144:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.68:443 bttrack.com tcp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 93.44.17.104.in-addr.arpa udp
US 8.8.8.8:53 48.23.48.23.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 246.126.64.104.in-addr.arpa udp
US 8.8.8.8:53 122.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 83.216.240.34.in-addr.arpa udp
US 8.8.8.8:53 105.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 255.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 158.192.73.52.in-addr.arpa udp
US 8.8.8.8:53 135.184.80.99.in-addr.arpa udp
US 8.8.8.8:53 137.161.227.54.in-addr.arpa udp
US 8.8.8.8:53 25.153.157.18.in-addr.arpa udp
US 8.8.8.8:53 144.38.74.54.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 2.17.251.10:443 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.230.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.10:443 aefd.nelreports.net udp
DE 51.75.86.98:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 178.128.135.204:443 rt.marphezis.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
US 178.128.135.204:443 rt.marphezis.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 240.192.149.89.in-addr.arpa udp
US 152.42.150.143:443 srv.buysellads.com tcp
US 8.8.8.8:53 contextual.media.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 mybestsearches.com udp
US 8.8.8.8:53 media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp

Files

memory/4736-1-0x00000144E80C0000-0x00000144E80D8000-memory.dmp

memory/4736-0-0x00007FFA58B13000-0x00007FFA58B15000-memory.dmp

memory/4736-2-0x00000144EA900000-0x00000144EAAC2000-memory.dmp

memory/4736-3-0x00007FFA58B10000-0x00007FFA595D1000-memory.dmp

memory/4736-4-0x00000144EB000000-0x00000144EB528000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_5616_YYWKNQSPBZOEUWJW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d067b7013ff57451f81209c6cb63029
SHA1 8215d9c728506b889692b41a8a50528efd1987fd
SHA256 c3d3c461409045814e3339a63b95e1d2086fef92843c93983fa97046ff44bd3e
SHA512 c8be827f0c8c3a82a8cceb0c81a66e00e4e174264bf212454004391632f963c1fc6c512e5e341cbf9df77264a2cb277548c818171e3263196ceae7173a666501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24a79550b3e2680bb08ee963d8db05bc
SHA1 b967c19e9b6f54f9daa564a53090fe52d0c9e1bc
SHA256 d46f5ed1f4053946321dc3c8ed163b39fdda68c36f101a72f51cd775dc48fdb0
SHA512 1b2bca12369915d5192f9a835dbf1fea4293df3151d8b1a26ea29ab6f4dfd7986aaf50d39d6e79f578af99412696e1d43c6337daa84f1fa3ed6066df18575aaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 baa826e95e7f4de68af94cca5830a0e0
SHA1 e8db10135da00edff022ed3d82511338830502bc
SHA256 8cd9697f5fd417424ba59d4e73a92b78f60ca960491e3eaa68dccad1490efbef
SHA512 cd2f3e4951a4044048c82bfb7bef8f145cf4182d21be9b576836ee82f1946471e023d8aa1eb878dfa326146fa54177951e27b313ac8424a0a0c2d12d9ad013a7

memory/4736-203-0x00007FFA58B13000-0x00007FFA58B15000-memory.dmp

memory/4736-256-0x00007FFA58B10000-0x00007FFA595D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 0ea3c40e1faf37122a20a202e9b52714
SHA1 ac0d594878e4160c112d7f70b5c680523dcee1a4
SHA256 ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0
SHA512 e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 aac57f6f587f163486628b8860aa3637
SHA1 b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA256 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA512 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 81a63a086d1c0fb065b12ebecf8cd7f8
SHA1 4ae54a6f2a83df9c901b196a6c29c3436b3a3f0b
SHA256 706678b4abec74ac3221737a9c70bab8ea40cf26ee6a89cb321e6c1503fee0ce
SHA512 2d33384744684bb31c7a30b263d6d2a1fe7bdd3dbaca9867ec6955795e23e7ab5996137210c651c608c22b1d9800bc1a29ef933958fb57dcac2482e8d3922877

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa9268e10583d4503b399ae9c818196e
SHA1 4a7014072bde1434ff060370723ea00183294fd1
SHA256 a14ae69995ab75be925c4578254c40f3641431a0483117a5a166f0dc32f48ada
SHA512 05a7be7b941cf175c280e0289627bd69a0b6f7fbf1882194a4863b808dcedb2e5b0415662691f16f781c90c2e45cc69781e475df9a6226b505ec4e0c7022005b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19d756c975f2b9b550874191fb8ac2d7
SHA1 c06fa3ea2d3db0c881ec5d0f7eb6d74bc3639efc
SHA256 ddca80fde8275fee3ca037196577deaff3cccc59170781fe85a6373007ffbf59
SHA512 acc75421e883bf0dde9d18f58aa833f988582e047cdbd256ef6f65c4b92a07f87186529b49fc43838d3d5a99a408b62c8420fc452a77cae27b5cff1132f84d3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c023.TMP

MD5 ada1cb421b2fd98531979942481f2b56
SHA1 b90436b39e8e64a107cd7a6879108d6ad3670ebc
SHA256 22f8430b6dad79c8dfdef8bce4aed79225492e35a596368e9971454e1ba7f745
SHA512 ee3bfc36624a6652f3e13de9a925b85dba8b5f0648bfc65bce1eb356b6ccf3489b5a9da429ef64db4d60c8992be54940c5c594891bd4a7d79ad0084fa062aa72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2204de6b195a912cde2762a7fff4285a
SHA1 aac1485b625eb021ab4875cf49562761df5d379a
SHA256 e14b9a093dee64bdf86fbb8fc5eacc18924c5929e8c7dd90645e1d2878070c56
SHA512 d6187cbe2f7f4b930a9cec38e27f21658ad3b6fbaaf12c8a1d113a469d23b39a134434da899d454d22128f917e7dce12ea2210a89c62dd6fd85905c1cb0d0e2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\091992996635d2f4_0

MD5 dc21f6bbde05195cf920cfb43a779063
SHA1 d8caeb6e2ab497573b52f7c167bc5f9a7b950657
SHA256 7455acbfaddbc8e1363309f02e6864c3ceca92302c665d32ba08723e96b1f5be
SHA512 5addb4794a029156b1e575b378c5b57569b92b8fd283a51b3249d0ef9c201b4e824310e223c93bd88489a50c6f7699a99e7e5ee76b0bafba68ce3ab43d1446e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 49e312f6faeafbe49fc28f2a5345a127
SHA1 69028a8a2f7dd4e185ca53ddc8b08e8083851798
SHA256 0c91c52faf82d6f657f59d54d0f9884345e98320e24ea84602ac72072d4246e6
SHA512 ff28e0204712ec17e3f7192a8017c376714372f41690a7406ff346a7999e1cb2e2201c6cf8351f29d1bba2774b7da5ede538697b9184ae45b35993c2562e4302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b4b1f29cb1f86a4947a9ff4605bdb11
SHA1 30d770f425840556417d8c05db856e2771fccbed
SHA256 704f853121b920c95b8bf3f5d189b5f5348555c4f4f7ffcde165b843f3b70449
SHA512 6094376bb70846675177db4441d52efb6c03049f74b0458b9ec095c262c4c6e8489e8835c7293ab7f9c454ffefba3f2a30ad6b0e81187b8afcc5e90f71b35fdc

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e4f4d5d62a1ed871acb38a562c793010
SHA1 5089e8117ee992749d222606fe48e4b959370de0
SHA256 f3a630769958ded5cec82ac4d2242d4810be343a88642a9d229645c71e5751a5
SHA512 12724b20708fab3a34d1bd5672d7856a967301cb082abdde50c424dcc7bc5abf82723ce0bd2170a7484df64eb7c1365d21ce1cb001655dbc33ede53b93755bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aa16aa124823bf5b0ee8f37af3373d58
SHA1 86ad5769003dc238563a35897561963106b13f06
SHA256 adda4af490b12dc0783fe929773339f9d4d18e6674c1e7b678bd0eb8756e8d70
SHA512 8076806b16f3a8b5af0aefb875ab8f559fc545bc0ffe58e1476dc3eacb17f5a053497d82d7258a841fda3d1b3384a78b90fa0bb59c9882893f0b9016d7346bc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7b0718cf36f292af213204c49dd7540f
SHA1 9829d6dcabec3f7fc8226106e973b9f041104d26
SHA256 9e8cf39d49aa86cebe3fcfef379a181f99eb9e3f295159d70a05106e18fd84f0
SHA512 eae78e768b367915fe37e77def05b0fb2817128f9064405f241bb86f398c6666630d3059559c2ffd0636020b81150598f0df3278c23e92d55b8826871b4f268f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c84a1dcf-c379-4b3a-8215-80e4712a10db.tmp

MD5 1f6863bbe8325ccabad110a529e1493a
SHA1 d78fc6a388a00272c5e743c50d748237f3ab2ce5
SHA256 4d818dd65f916b67a925f6d959c5d7967a5c4ecbc643fbd3f597be9959fb2c3d
SHA512 be1512e7e0651651234eb70228591b6e24496ce05181e86dc3fbf52772f8fd31f32a88635d0b4650f5a72f25c2a7b90d68b8be49d68b82fe237e33a6ca8f18e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f4ab91be116c1ac1d573343b13f1326f
SHA1 e44b2883a163a514b1bcb80e8094f315d37ac40f
SHA256 8618813c3a15390f58be56b8c4208312388eb7a26a7fc6b4e99be1848687245d
SHA512 e3deadcb43fc3ba377891478802685a465598646c4da05c1a3f2b491749d1eebc02d13adc615855b261256dab41dd66e1f0915fca0d4d4d32f6f983916e779d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd218d47c65510e610d08b960440af11
SHA1 446aae9eb028f98d8c903359d1fc9355030d4ce4
SHA256 74e37fb914001abcb8e54f0a37bdcb3d7cf6ce489e705e3625f0fb5f484f57d4
SHA512 bf2bc8dad8eb41acee45c24e19624f466f4ff87c1970d7cccabbcd8a1abd4e2e01996c9801b788848c396aa358cf44da3e69e3f8009971c6d808bcdd00573cbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 007533bb5aa1d9fe9387f17bab14227a
SHA1 a372c8f09c2dacb0bdd7e65c77299a5f72152987
SHA256 8604c83199fe248ba4369c6b1b7b1b8caaeff660a424513e5a2627086056346d
SHA512 95c1ca863779d464e412195a77a9809558da2d297ce4915e55b6f8ea0cfd6f78f185e9d4ae29dab3214c83f06e6df3bc933d8c49ad9b08b1c6ec7efc689e311e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62d748dc8c0d81ab4327c7480b749b43
SHA1 aad8a807d8f73d498f7f7f1ed3671d79bfc9a893
SHA256 8161e852344c3290baf58f038ff3c23070dd3e35096f9d9466e8ce3870bb4dd7
SHA512 d04eabe2126b6b1e9c61b2984f57a5dd8bdb884566743914587150d58ec542a735897e36b728fe189b898a5a46c642e0ad1e5ccb77e403c7a8e000ff53a1c90c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e5514ec97c36a128b2462bb5d125d446
SHA1 d205f47350141d9f1deb79c0e5237abb494607d2
SHA256 28d19a614f3b9eff82fc1e44b321780fe5691045052497fc83a6e73471415fa4
SHA512 47ba537e2e6628036036e3db393ff4b04e65566f8bec9e01c80e87af066b0f3f12e35790732ae3eaffab44ff8c21f20ff2ec615293f1966c305428b288be61d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 009a0fba66767a0b8e1539b30242d21e
SHA1 97e0941704858bf02bc962cb5abd5cdb2b4cf3ed
SHA256 94b93e140508fd7a4b59b9f3b2d40bf2901952e7150864c5e376db76aa294035
SHA512 a2d8419d352783d07c13520f882f70c2c86aa857d466c4f33ff70a24d590dbb44a4792e90895a685d36864da34895a71b9775324e89522c30b557dc15590fad7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89dee8054017591f723cd1773d7e28b9
SHA1 99cdfb966c8feace63935c7be32f442fa52f7721
SHA256 a7d86c02c237a75c98d3e1199b9b77ce836e388c480d508e1351ef6d9b0f454f
SHA512 ca050fd4e84684de504b8bf7570e5ec07c9b03274d59eda26abbaefda87f5ddfe81d26042bc70ac26517405789f18968dad34f7155e631d4065f76c9ac066940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 198f6ce19374f13e265cdc8844617ee2
SHA1 cea6f60f9f7754f731be9696c6fa75ea871905b2
SHA256 ace82ee2a24ee3d9d4cf4a2a99c5a2feb2dcc7f97d48b92fc2093f23d7f8c704
SHA512 f1658485ec7fa0508d66ef7c4d77271c252b64c60074ec668501ede55fdd915b228211267e5d6e2b0a751976e5d3214327c15297c368fd3022ffbfa6cb4b1073

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ed6c8a54cf5276680bc29d52180c5a48
SHA1 91ac3b41c7b41ee930e68c831676c917d146344e
SHA256 4181ab0ee98f97a64d943c228548987bd37e789b63c1ee32371839297506fa08
SHA512 abfc019856ca3908ec9f7221a7954220b03e5e42a87c285ccbd00fd9bc0e524f69748010962973cc0b53de0bdf432d9f89f56776f769cbea17768b5f918192cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e4876bbb34aad35f541c3ae2fc20058
SHA1 0a748cf16aafb893c46826794dc5f3dcd2c38679
SHA256 a1dee7388e438731a8a87f3ce0d4ecdb6b3b343fa5e9b8dddc4a5dac71e159fd
SHA512 68aee8b72d320226c0c299dea25d223ad33fb3790f5fc9acdffd457c20521281c3c6518b5027d6fe3de0636ebb16114f6a60dbc5dec4ec419ebc4a4cd0080877

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 edc3099229aa5e98f5a858c5c42de333
SHA1 5baa907c91b6bfb0f855457e7ac2d6e65a3131f2
SHA256 dd05969bb0764b60bcefe8805de1bac312a39c10df5d7b07a8455d83eacaa98e
SHA512 a1bde2f3504050e605a81bb90da712a3174d70534c7dfaa34b118055321852dcf5a1242ec4f5ba99612fe6081025c49a2e69352734472d36352974c07212a8d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b732a571ad13e939133a15105f8fba09
SHA1 eda987cf383b008bfe9b0a92e9cd285b91647ef6
SHA256 ba2125627d5cef45525dac16b9806231d53bbbf41ee985b439d1a29af6be6c67
SHA512 92526a4db15c45c1f9bc7fcbf19551d88166911d3d43200e9429536a270a341cb5d209024d34ffec056cbe21e53f89bbe0cca86aa253a04cdd198bf01ea6de2f

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 14:57

Reported

2024-05-23 14:57

Platform

win7-20240508-en

Max time kernel

0s

Max time network

0s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2140 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe
PID 2140 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe
PID 2140 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Client-built.exe

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2140 -s 596

Network

N/A

Files

memory/2140-0-0x000007FEF54A3000-0x000007FEF54A4000-memory.dmp

memory/2140-1-0x000000013F320000-0x000000013F338000-memory.dmp

memory/2140-2-0x000007FEF54A0000-0x000007FEF5E8C000-memory.dmp