Malware Analysis Report

2025-03-15 04:14

Sample ID 240825-2ayfnazfrp
Target https://file.io/h5Uhqk3g8uxH
Tags
discovery motw phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://file.io/h5Uhqk3g8uxH was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 22:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 22:23

Reported

2024-08-25 22:24

Platform

win11-20240802-en

Max time kernel

38s

Max time network

40s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/h5Uhqk3g8uxH

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4784 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/h5Uhqk3g8uxH

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9177b3cb8,0x7ff9177b3cc8,0x7ff9177b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1828 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7794548201950870519,17523514738301771837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
PL 108.138.51.18:443 www.file.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 18.51.138.108.in-addr.arpa udp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 151.101.131.42:443 hb.vntsm.com tcp
US 151.101.131.42:443 hb.vntsm.com tcp
US 151.101.131.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 hb.vntsm.io udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 151.101.1.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 104.22.47.142:443 hb.vntsm.io tcp
US 151.101.1.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.26.3.70:443 ad-delivery.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
PL 108.138.51.69:443 cdn.exelator.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
PL 108.138.51.69:443 cdn.exelator.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
IE 34.254.143.3:443 mydmp.exelator.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 216.58.215.46:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 script.4dex.io udp
US 3.224.96.103:443 onsite-tag-logs.apps.nielsen.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
GB 89.187.167.39:443 load77.exelator.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 92.123.143.169:80 apps.identrust.com tcp
US 3.224.96.103:443 onsite-tag-logs.apps.nielsen.com tcp
GB 89.187.167.39:443 load77.exelator.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 34.95.69.49:443 i.clean.gg tcp
US 104.26.9.169:443 script.4dex.io tcp
FR 216.58.215.46:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 169.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 103.96.224.3.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 104.26.9.169:443 script.4dex.io tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
DE 3.121.186.27:443 btlr.sharethrough.com tcp
DE 3.121.186.27:443 btlr.sharethrough.com tcp
DE 3.121.186.27:443 btlr.sharethrough.com tcp
DE 3.121.186.27:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 3.248.98.103:443 track.venatusmedia.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
NL 147.75.34.179:443 prebid.a-mo.net tcp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
NL 89.149.193.97:443 prg.smartadserver.com tcp
NL 89.149.193.97:443 prg.smartadserver.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
PL 18.66.233.115:443 config.aps.amazon-adsystem.com tcp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 179.34.75.147.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 66.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 97.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 103.98.248.3.in-addr.arpa udp
US 8.8.8.8:53 27.186.121.3.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 32.1.166.69.in-addr.arpa udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
US 34.120.111.33:443 cdn.edkt.io tcp
US 34.120.111.33:443 cdn.edkt.io tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 92.123.142.195:443 acdn.adnxs.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 74.121.140.211:443 sync.mathtag.com tcp
US 52.7.6.179:443 sync.srv.stackadapt.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 35.71.131.137:443 match.adsrvr.org tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
FR 142.250.74.226:443 cm.g.doubleclick.net tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
PL 18.66.233.67:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
IE 52.16.250.207:443 ap.lijit.com tcp
FR 142.250.74.226:443 cm.g.doubleclick.net udp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 92.123.143.216:443 player.aniview.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 3.209.126.202:443 cs-server-s2s.yellowblue.io tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
FR 217.182.178.228:443 ssbsync.smartadserver.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 3.222.152.35:443 api-2-0.spot.im tcp
IE 52.212.66.79:443 match.prod.bidr.io tcp
US 50.31.142.95:443 b1sync.zemanta.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 50.31.142.95:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 179.6.7.52.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 226.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.233.66.18.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 207.250.16.52.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 216.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 202.126.209.3.in-addr.arpa udp
US 8.8.8.8:53 228.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 172.111.38.86:443 tracker.open-adsyield.com tcp
IE 63.35.37.71:443 jadserve.postrelease.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.68:443 bttrack.com tcp
GB 2.18.108.20:443 hbx.media.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
DK 37.157.2.233:443 cm.adform.net tcp
US 8.8.8.8:53 95.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 86.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
IE 52.16.171.36:443 ads.yieldmo.com tcp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 20.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 233.2.157.37.in-addr.arpa udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
DE 51.89.9.251:443 onetag-sys.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 172.64.151.101:443 ssum.casalemedia.com tcp
GB 23.214.142.107:443 play.aniview.com tcp
US 172.240.45.75:443 track4.aniview.com tcp
GB 92.123.140.19:443 content1.avplayer.com tcp
GB 2.17.209.148:443 feed.avplayer.com tcp
GB 92.123.140.19:443 content1.avplayer.com tcp
GB 92.123.143.216:443 content1.avplayer.com udp
GB 23.214.142.107:443 play.aniview.com tcp
US 172.240.45.81:443 go1.aniview.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 44.195.166.39:443 ssp.disqus.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 35.244.159.8:443 u.openx.net tcp
US 44.195.166.39:443 ssp.disqus.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
FR 142.250.179.65:443 36f8a2c7e16f7d11f1a8137d320fbdd7.safeframe.googlesyndication.com tcp
US 34.120.111.33:443 api.edkt.io tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
FR 142.250.179.66:443 ep1.adtrafficquality.google tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.120.111.33:443 api.edkt.io udp
NL 77.245.57.72:443 sync.adkernel.com tcp
IE 54.75.251.201:443 bcp.crwdcntrl.net tcp
US 34.120.111.33:443 api.edkt.io udp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 89.149.193.97:443 prg.smartadserver.com tcp
PL 108.138.51.14:443 hb.yellowblue.io tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
FR 185.93.2.246:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 246.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.66:443 ep1.adtrafficquality.google udp
FR 142.250.178.138:443 imasdk.googleapis.com udp
FR 142.250.178.138:443 imasdk.googleapis.com udp
FR 142.250.178.134:443 s0.2mdn.net tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
IE 52.19.71.28:443 ms-cookie-sync.presage.io tcp
DE 57.129.18.113:443 wt.rqtrk.eu tcp
US 172.240.45.70:443 s2s.aniview.com tcp
FR 142.250.75.226:443 pubads.g.doubleclick.net tcp
FR 142.250.75.226:443 pubads.g.doubleclick.net tcp
IE 172.253.116.94:443 csi.gstatic.com tcp
IE 172.253.116.94:443 csi.gstatic.com tcp
FR 142.250.75.226:443 pubads.g.doubleclick.net udp
US 172.240.45.76:443 track1.avplayer.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
IE 172.253.116.94:443 csi.gstatic.com udp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 69.166.1.32:443 apex.go.sonobi.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 03a56f81ee69dd9727832df26709a1c9
SHA1 ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b
SHA256 65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53
SHA512 e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

\??\pipe\LOCAL\crashpad_4784_ADVFIGMGBNWETWYE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d30a5618854b9da7bcfc03aeb0a594c4
SHA1 7f37105d7e5b1ecb270726915956c2271116eab7
SHA256 3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8
SHA512 efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 735bdc92346b9e14b4aba71871b027b5
SHA1 02b3c4a9b6a36342b7ec3e227bb65f82fbb3b05a
SHA256 47fde6ca30a8dec1540fb4b1b3b3e0f16c36658feb81a12d7050f599fdd7a9b6
SHA512 c80272044ef8bb603145dcc396d3e1c8e1deaac24e44788574a7773cc6fd56cbdcb6cf88faa977f1bfb896377f5a404afa5fbc9a9837428903458ab77fd99fd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7cd5d5338c72d6ff168bd67b5fd4f317
SHA1 e9d37b3b01a8b8e65aa652e3ad5fb57cc24aa69c
SHA256 33ebb6f5928cbd2e978306833e8b25f138c234bee845c6e93866ff1597fdd280
SHA512 e52aa40543f4f806bd25f05d5151f71cd1ed73d8ef4fc0feb63c5ac59eac8886db5d3bf1713582f915f2dfd00838431110f27dc9565eafb64752c301641367fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cce816603517b28bee9b53608630e2c7
SHA1 9b3d5d3251c9aecdc42da9517fead8b4fef0f745
SHA256 1b262298a2c6c866fe9a4f8396826cdd2ea7ec7af69f698e139e9a54d556a81e
SHA512 1495a18473ccb27c167aa526095377d4f07d71f407842321cb485bae114d185a9f826cc7a73360774622870515f4c4ba3ac1de500bfc61eaf17ef68d954ce8e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2cff7ac2399e3bc2cde0b379ef67e6a6
SHA1 bcc0224bfe93df0c163e7c5842a3c176b9a87278
SHA256 f423a814575d82fca67c4ecd8a0298579d2b054a5247ff0cafc9844abee1c8f5
SHA512 caee5f20d7840bfff9e687c10f7a9cbab1dc6ed1c2d31496dc68193269f9d5eff2a8d1f96009fb5a7dbf2ed673982bd303374467e2a900bd62172a5895cad7a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580318.TMP

MD5 64f9b0edb06b09e547a489a21c2f5760
SHA1 72a3e417efd948bc403b10c390d1b1417bcb80d6
SHA256 21683eb80a7704e3404b81969031aa5398b304c940e9b5a7c48b544366ebcb49
SHA512 c9c70f37c51904e87b9279af2a580506ba9672730554a213898b309ee28ad109e13f36ccf1dc0344e64479604ac05d3b33f8cb632ce043f56e43538c01ebb242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 759eca8f89c3095a05a41b4d7cc21201
SHA1 059790e0a2dc509a18551b7f01acc239c5c4dbd0
SHA256 8550d22e182a409a3ac9227e221d2e1edfc5c0f0762cd2e9fb75528f8c3b8185
SHA512 f03cb2386404db4c3071b9b511e4c6c06f8886ad5aafab49d431031b13a5e47f2705b0967d9a7b47176fad45863f1eebbee9cd3e4af636d3b9dc375e27f47bb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 deb04fe2a35d2981313f891baaa32654
SHA1 69e5aaef4a2f447878824d905832a08a9c596d83
SHA256 93dedb17602e315ba495c99be747f3d5717b4f49306c55326f4570b43c9bc1c8
SHA512 8c32d572a8f108079263b9ab5230467b454518b60932db7a2cc855a350130d93db5b8f2cc5c82a9b3011e572d80d67e23c777145fd45e6467b0b2caafe92378a