Malware Analysis Report

2024-11-16 13:03

Sample ID: 240911-v3arqstajn
Target: https://file.io/6sMcezuQw9Mp
Tags: discordrat discovery persistence rat rootkit stealer
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://file.io/6sMcezuQw9Mp was found to be: Known bad.

Malicious Activity Summary

discordrat discovery persistence rat rootkit stealer

Discord RAT

Executes dropped EXE

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies registry class

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported: 2024-09-11 17:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-11 17:30
Reported: 2024-09-11 17:35
Platform: win10v2004-20240802-en
Max time kernel: 285s
Max time network: 298s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/6sMcezuQw9Mp

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 174908.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV1.18.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4144 wrote to memory of 224 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2252 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 388 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 4792 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/6sMcezuQw9Mp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8456 /prefetch:8

C:\Users\Admin\Downloads\BootstrapperV1.18.exe

"C:\Users\Admin\Downloads\BootstrapperV1.18.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\BootstrapperV1.18.exe

"C:\Users\Admin\Downloads\BootstrapperV1.18.exe"

C:\Users\Admin\Downloads\BootstrapperV1.18.exe

"C:\Users\Admin\Downloads\BootstrapperV1.18.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2931027461570173477,1456206997487966459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2

C:\Users\Admin\Downloads\BootstrapperV1.18.exe

"C:\Users\Admin\Downloads\BootstrapperV1.18.exe"

Network


Files
