Analysis Overview
Threat Level: Likely malicious
The file https://file.io/ZoeSsaHh09if was found to be: Likely malicious.
Malicious Activity Summary
Enumerates VirtualBox DLL files
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
UPX packed file
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Detects Pyinstaller
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
NTFS ADS
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 02:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 02:46
Reported
2024-06-19 02:48
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
| N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
| N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Notorious = "C:\\Users\\Admin\\Notorious\\NotoriousPRIVATE.exe" | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 717869.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/ZoeSsaHh09if
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x308
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\blackstar_start.exe
"C:\Users\Admin\Downloads\blackstar_start.exe"
C:\Users\Admin\Downloads\blackstar_start.exe
"C:\Users\Admin\Downloads\blackstar_start.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Notorious\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Notorious\activate.bat
C:\Users\Admin\Notorious\NotoriousPRIVATE.exe
"NotoriousPRIVATE.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "blackstar_start.exe"
C:\Users\Admin\Notorious\NotoriousPRIVATE.exe
"NotoriousPRIVATE.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Notorious\""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_3576_VGZCURFDSXFKOUTC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | da3e546b3837890a7a3676dd7f10b0aa |
| SHA1 | 86e141483cb303eb3b2c103b061273f8eea7dd8c |
| SHA256 | 24e75a62374c3ebe0de7bded73dd5e32e098ebf94766e78ad656e95782f46299 |
| SHA512 | 1a334ff8fb98aa6d182bd46cebb2465458877639b06d4087a87fc8a5994ad777cce9371e9e42113a0f1f005b895935de6b0b440fb9d40d1bbb2345269fe949e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1475a79138479ec61c1345972823a6f3 |
| SHA1 | 51b543cc563029e9566c50ba1fbe04688ecf96a3 |
| SHA256 | 33aa3459008747e578726ac7c79134ca9b43a5607c6e8f77d3aaf741dcc6e893 |
| SHA512 | 6b6b3c187ae327c650ff9c49965e8a1060f7a5b31d4763adfffeb10fdef442ce0b75145717eeef3d349cd6054db05a54878e1b9f9a18455c1be810184efbcb88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57980a.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 345250.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\_MEI50402\python310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI50402\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI50402\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI50402\python3.DLL
C:\Users\Admin\AppData\Local\Temp\_MEI50402\libffi-7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tciftwhk.rm1.ps1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index