Analysis Overview
Threat Level: Known bad
The file https://file.io/CvXNt2ZDzqBV was found to be: Known bad.
Malicious Activity Summary
XenorRat
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-23 09:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 09:58
Reported
2024-06-23 10:07
Platform
win10v2004-20240508-en
Max time kernel
569s
Max time network
570s
Command Line
Signatures
XenorRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Fn_external.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Fn_external.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
Reads user/profile data of web browsers
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 5000310000000000a858985a100041646d696e003c0009000400efbea858bc53d758444f2e00000076e1010000000100000000000000000000000000000043dd8100410064006d0069006e00000014000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000200000001000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 7800310000000000a858bc531100557365727300640009000400efbe874f7748d758444f2e000000c70500000000010000000000000000003a0000000000070de60055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e00310000000000d758594f11004465736b746f7000680009000400efbea858bc53d758594f2e00000080e101000000010000000000000000003e0000000000255257004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "3" | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\1\xeno rat server.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/CvXNt2ZDzqBV
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9cb046f8,0x7fff9cb04708,0x7fff9cb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\1\xeno rat server.exe
"C:\Users\Admin\Desktop\1\xeno rat server.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14472286735251931522,5456086560849977899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7196 /prefetch:2
C:\Users\Admin\Desktop\Fn_external.exe
"C:\Users\Admin\Desktop\Fn_external.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB185.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fn_external.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmp36CD.tmp" /F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| DE | 18.245.86.5:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 5.86.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.82.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 151.101.195.42:443 | hb.vntsm.com | tcp |
| US | 151.101.195.42:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.1.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 104.22.46.142:443 | hb.vntsm.io | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | 42.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.46.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| DE | 108.138.6.136:443 | c.amazon-adsystem.com | tcp |
| US | 13.35.58.66:443 | cdn.exelator.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| DE | 99.86.4.39:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.6.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.58.35.13.in-addr.arpa | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| NL | 89.207.16.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 8.8.8.8:53 | load77.exelator.com | udp |
| US | 52.7.199.139:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| GB | 195.181.164.19:443 | load77.exelator.com | tcp |
| US | 8.8.8.8:53 | 39.4.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| IE | 34.250.146.95:443 | p.cpx.to | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| DE | 18.66.102.15:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| IE | 3.255.45.104:443 | s.cpx.to | tcp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| DE | 3.72.200.123:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.200.123:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.200.123:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.200.123:443 | btlr.sharethrough.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 172.64.144.78:443 | elb.the-ozone-project.com | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| FR | 149.202.238.97:443 | prg.smartadserver.com | tcp |
| FR | 149.202.238.97:443 | prg.smartadserver.com | tcp |
| IE | 52.17.245.47:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 185.89.210.141:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 19.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.199.7.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.146.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.102.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.111.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.45.255.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.173.33.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.200.72.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | c3474485c6f0a88e7448e177fa1d823f.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | c3474485c6f0a88e7448e177fa1d823f.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ib.3lift.com | udp |
| US | 18.172.112.100:443 | ib.3lift.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| FR | 185.93.2.251:443 | cdn1.vntsm.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 47.245.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.228.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.112.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.3lift.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 18.173.205.24:443 | img.3lift.com | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.205.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| IE | 52.51.2.157:443 | ad.360yield.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DK | 37.157.5.132:443 | c1.adform.net | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 18.196.133.194:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 2.20.12.70:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.2.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.133.196.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| ES | 23.60.223.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| NL | 81.17.55.108:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 89.149.192.197:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 18.245.31.16:443 | api-2-0.spot.im | tcp |
| US | 34.230.93.105:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 52.212.235.85:443 | match.prod.bidr.io | tcp |
| US | 52.86.229.235:443 | sync.srv.stackadapt.com | tcp |
| US | 64.202.112.95:443 | b1sync.zemanta.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| IE | 18.200.209.150:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | 70.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.223.60.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.26.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.31.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.235.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.112.202.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.93.230.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.229.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.209.200.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| FR | 5.196.111.72:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| FR | 149.202.238.97:443 | prg.smartadserver.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| DE | 3.72.200.123:443 | btlr.sharethrough.com | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | ads.eu.criteo.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | widget.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.9:443 | widget.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.1.250.178.in-addr.arpa | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.eu.criteo.net | udp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp | |
| N/A | 127.0.0.1:4444 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1140_PYXKMBYKBTXYQECA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7fc61f4dde064716dc8fe935b6e92234 |
| SHA1 | b9270d2f303c7476c0bdef23325e4c3654db0c26 |
| SHA256 | 6236a9641c7489c49c42714df3ac1a0b952b1e1fceec132d7f6e341d138b233b |
| SHA512 | b510abdd2016adedc94a396746542dc05ba20d2e914df120d1fc5d5fe34f82bd75090506eda83f2a34c647af9ddedd0edc4c4953c99654fbf7de9af3bfb2ca61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd58322e487d5a0906427bfeba63d847 |
| SHA1 | 26af4450e036d1b65e7366730c8f4adbb98b1550 |
| SHA256 | ae04008f1d2bf0acd98e7a2ba7550fdeea48a3e0a2fd2705c7b1735335e8aaca |
| SHA512 | fedb1f601fe529d9b20710167cb7bb9ea2b4cc25a19e1ce6a20575cddb1fede17f185e3dbd852763a7ed42aa9f33a03ed90e4c352a835e44d5638c0b894bea59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf7779376216e44fbdd01eb2a7b0ef87 |
| SHA1 | 27b850411225ab0fc86b78a57fb43f17291b2ee3 |
| SHA256 | e24324505add2670c13caf4f34f5281311dfdc1d72d3d8d1919ff8af3e4984de |
| SHA512 | 45047dda489ca870afe0d3103bc52219ed3d248532ec427e40a26b64c5747eca999905b17405568b35902dcb9497b140df2a41d2b754d55fda6af22c39bf2108 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 107236.crdownload
| MD5 | dd9b0d0432b4d536edca205b80910cae |
| SHA1 | 2b5b16fd916029c5956f5bca9d5b50c0c157f8a3 |
| SHA256 | 66183f9ade19371ec4146b09ef35bd524c9e3fb1304fe39a9bf087a0b7f05368 |
| SHA512 | 4d38589c00e28a17af6463f4f1e6a94f1b5504af06d75c2f4f66fcc11c02439742c383d366d7d7f1d83ac7f9c5082b5f3ccd788bba4828d6a8e686c13b47eded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 664e74a71e829c27cf5880809868e07f |
| SHA1 | e4a28deaa5dd81a659ab7d3ba3aeedb04d4e1af0 |
| SHA256 | fe4fa4443c34a13618cb5c9fd64c7cd51c2373bbc52eb049b36cbf82e2828e39 |
| SHA512 | b15b94a3c25ac78d3da1e0577f1a94643902d207b6884493116ddbf035c715ffcc19657ce9d9ccd9b59e0508ac7ad1b62a6dde3c6942caf52db7c5c2a0e15fbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21fd502cb0613affd25aed00cee293e1 |
| SHA1 | 12271858c5105e018e49ec7fcaa5e507de78683e |
| SHA256 | f6bc7adfa96adad6997367c4d1859d41df7e2f9d1430e862edca03d88d4740b3 |
| SHA512 | 4aecfd3a62236092a8ee191492d20c5b06cf73ce814d72fe5475cfa2db32b4cae917729a8a54f2c6e8ae83030ad2bfc12a1b81d2aebd2c3e3295524f7633e41c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c1dab6d8104130ff1d6c7e6b8f93a0fa |
| SHA1 | 0dd0d3d28df490c0836f8d243c52171bc7751958 |
| SHA256 | 84e07697f291ab6096c4749e6d879ac48a8bb13a13106403293c5c8b65b29885 |
| SHA512 | ace8c40830622f12c9c45387ec88e093ab24502df9c969e11409dd4d8921ad1e7852b388a62fc54ca1706982780e8dddadab81e837bd7eb2ddef941feda58c42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c1f8.TMP
| MD5 | 8b771628ac47ebc55806c817198cad73 |
| SHA1 | 26dd21467f211ad5ed1e4b6fa5ddcf834a1ac4d2 |
| SHA256 | 6bf47344fc27e74cd00a166f82c3afcdf6ff5523c7582265f5437ba1eb4b5970 |
| SHA512 | acec1c756ec013d4af843d0ceb60280142e1b8f8d7f94591d6508f92f860df6eb44c846bb31c7e2beea329f818dbca492b23905c996ebfcc72221638ab249cb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52ba583ae8619698ff603445dd636998 |
| SHA1 | 560970fe60e337fa96627839ea4f224841c4912f |
| SHA256 | cdc52562aa51e0cc254faa8eb81600b98372f24f2ac761328766febdf8177691 |
| SHA512 | b387aa9ee0b49f6d1f0865a44578f26795fb6b13d56af71e2f62b56159391c59364099bff5157630c4c4c62bdf86d45be03d32f34babe05558ace2da4d4f5f05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0545f25289971994725e5996222d99d1 |
| SHA1 | dedee5131ba56425865db737bf43e4b5da2ed1f7 |
| SHA256 | d3924f24095f6240b54480e3d49c9804a45e662813b7e5856ce9a2d30b7d6879 |
| SHA512 | 429a7d21944b568c281075733eac7a51d9e3a49324c20a50fc1cd7ff6221b78b9c08e3cdcd9426a56643dc2e3c441476dcad7ef25a3a503d1eabb49b7237ea0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e307d8db94f6b331ed7af77b15e5c894 |
| SHA1 | 9c712a9fabcb02e1464ef67adf56f55cd8fcb147 |
| SHA256 | 3612f7b43340ecf29c8346f0d1cc2f2c688efb3081624234208927825ab4ab10 |
| SHA512 | 548c81da7c43f9ef33fef3f3ff7d664ad31bb653a12c6b7d368ac224079f3e876c61f26cd9a139ec1fa0ad843ee366cfb59cbae9963b8bca4eeb965913a9ace7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8a002cc23ef461fd6330e835baa31f1e |
| SHA1 | 534e5f65bf64e0feae366e72f29a67e573ed6cc6 |
| SHA256 | 819567fcfb0996c30dea7eaaf7d3a8944425cda147b959aeea9591cc4c7a27df |
| SHA512 | 87e49bb5b412f88f4b3eb9e44ccce1d32a6de63de775e6381b2b5f1fe3d1b2181995e2cc987dedcdb0e1a947a03ee23b3149ad12f85170c8ded6509527e35df9 |
memory/6568-308-0x0000000000BD0000-0x0000000000DD2000-memory.dmp
memory/6568-309-0x0000000005DE0000-0x0000000006384000-memory.dmp
memory/6568-310-0x0000000005830000-0x00000000058C2000-memory.dmp
memory/6568-311-0x00000000057F0000-0x00000000057FA000-memory.dmp
memory/6568-312-0x00000000081E0000-0x00000000081F4000-memory.dmp
memory/6568-313-0x00000000082A0000-0x00000000082BA000-memory.dmp
memory/6568-314-0x00000000082D0000-0x00000000082E2000-memory.dmp
memory/6568-315-0x000000000A1D0000-0x000000000A1F2000-memory.dmp
memory/6568-330-0x0000000008330000-0x00000000083E2000-memory.dmp
memory/6568-331-0x0000000008400000-0x0000000008754000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4fa00d4b04e9db10859ff96067071dce |
| SHA1 | 67387c35a02174287bcb3bdca734249d35f3a29a |
| SHA256 | 08a93ad5aee3a8b022ad308e5b9f8559f9afe5cdfe804ee42b94d8b5c91fb060 |
| SHA512 | 92176f11d4cad0b81c41e7d5fa99be57031a668be754a2f2545c4cca697ddda6131ab061f7d5366fc6b2fecb128afafb15c843a1386d997f9a660fa3b7960f68 |
memory/6568-391-0x00000000012E0000-0x0000000001404000-memory.dmp
memory/6568-392-0x0000000001420000-0x000000000143A000-memory.dmp
C:\Users\Admin\Desktop\Fn_external.exe
| MD5 | 270d021669c690f3fabb5ea0f6a56708 |
| SHA1 | 468bfd1567d662555496fe3b2f150c37085b83e5 |
| SHA256 | 81a930e51300872f737fa46b95ca34f5bc81a87f4ba19cbcf4d45947e7229960 |
| SHA512 | 81f0c12fef3261f3b38d19ad02067496492a47b418ad93bc01ed07f2253fcce3ab7010bc858b51d3ac4db148a3c68fc735877da35ef749706ea4b9e17befcbc6 |
memory/6488-406-0x0000000000D40000-0x0000000000D52000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fn_external.exe.log
| MD5 | 916851e072fbabc4796d8916c5131092 |
| SHA1 | d48a602229a690c512d5fdaf4c8d77547a88e7a2 |
| SHA256 | 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d |
| SHA512 | 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521 |
C:\Users\Admin\AppData\Local\Temp\tmpB185.tmp
| MD5 | 04dce4057e5ae45a8b1fed6597599e37 |
| SHA1 | d293cd66c2e1a33398ead7197af43b52693fd59e |
| SHA256 | ea23d2136d781f34823740903be7830e80bdff971e0720c15c98bb4dac960b5a |
| SHA512 | 9c4489f53a2607e5132242f83b8b6ed4342e57e456c41e45a80510fe03280bc404d0e8d26b648f22df3062d3b4f0b7aee10e3300c482fe9d47cb7fc6d08186cd |
memory/3604-422-0x0000000005420000-0x0000000005486000-memory.dmp
memory/6568-423-0x0000000009680000-0x0000000009692000-memory.dmp
memory/3604-424-0x0000000005A10000-0x0000000005B0A000-memory.dmp
memory/3604-425-0x0000000005CE0000-0x0000000005EA2000-memory.dmp
memory/3604-426-0x0000000005B80000-0x0000000005BD0000-memory.dmp
memory/3604-427-0x0000000005C50000-0x0000000005CC6000-memory.dmp
memory/3604-428-0x00000000063E0000-0x000000000690C000-memory.dmp
memory/3604-429-0x0000000005F20000-0x0000000005F3E000-memory.dmp
memory/3604-431-0x0000000005FE0000-0x000000000607C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5dc12dd7dbed1ea2fc623a2e9d3dc5ca |
| SHA1 | 508ac075fcf68634454d50ca763275782d465aef |
| SHA256 | c28b25106e057ffe7193e8b193d5f2d4d897b6376d2948bcb30af2f63bf47b4d |
| SHA512 | 6cfae4c0d64e5bc0d48bc8cb85f6dcd22ce05bc84770e778c0bdf31b25b6a76abbdf42c2bee23dd276e09fb2a0439f75fea5d69e9446db7f3e6ba3a03c19ba26 |
memory/3604-447-0x0000000005790000-0x000000000579A000-memory.dmp
memory/3604-448-0x0000000004CD0000-0x0000000004CDA000-memory.dmp
memory/3604-449-0x00000000008F0000-0x00000000008FC000-memory.dmp
memory/6296-453-0x0000000005D10000-0x0000000005D1A000-memory.dmp
memory/6296-454-0x0000000006000000-0x000000000600A000-memory.dmp
memory/6296-455-0x0000000004E00000-0x0000000004E0A000-memory.dmp