Analysis Overview
Threat Level: Likely malicious
The file https://drive.google.com/file/d/14ISthpeAmUtiea-wzGb0k5rno9o5MtQa/view?usp=classroom_web&authuser=0 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-08 11:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-08 11:09
Reported
2025-01-08 11:10
Platform
win10v2004-20241007-en
Max time kernel
62s
Max time network
63s
Command Line
Signatures
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 282444.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/14ISthpeAmUtiea-wzGb0k5rno9o5MtQa/view?usp=classroom_web&authuser=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc634746f8,0x7ffc63474708,0x7ffc63474718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16574768549436228791,15110178711870693165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 172.217.169.78:443 | drive.google.com | tcp |
| GB | 172.217.169.78:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 88.221.135.50:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 50.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.218:443 | r.bing.com | tcp |
| GB | 95.101.143.218:443 | r.bing.com | tcp |
| GB | 95.101.143.178:443 | th.bing.com | tcp |
| GB | 95.101.143.178:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 218.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gs-auto-clicker.en.softonic.com | udp |
| US | 151.101.1.91:443 | gs-auto-clicker.en.softonic.com | tcp |
| US | 151.101.1.91:443 | gs-auto-clicker.en.softonic.com | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | rv-assets.softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| FR | 3.160.182.59:443 | c.amazon-adsystem.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 3.164.85.128:443 | sdk.privacy-center.org | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | tcp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | udp |
| US | 151.101.65.91:443 | rv-assets.softonic.com | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.160.188.116:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.182.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.85.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 151.101.1.91:443 | rv-assets.softonic.com | udp |
| FR | 3.160.182.59:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| GB | 142.250.180.27:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 116.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | bt.dns-finder.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 172.67.134.120:443 | bt.dns-finder.com | tcp |
| FR | 18.161.97.109:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.7.141:443 | cdn.btmessage.com | tcp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.108:443 | notix.io | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 27.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| FR | 52.222.144.82:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | cc6943d4f920650ddc44e25ac9abb5a4.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.1:443 | cc6943d4f920650ddc44e25ac9abb5a4.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 104.18.26.193:443 | htlb.casalemedia.com | tcp |
| DE | 176.9.112.17:443 | shb.richaudience.com | tcp |
| DE | 176.9.112.17:443 | shb.richaudience.com | tcp |
| DE | 176.9.112.17:443 | shb.richaudience.com | tcp |
| IE | 52.30.86.151:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| IE | 52.16.219.167:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 54.192.110.171:443 | aax.amazon-adsystem.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | udp |
| GB | 216.58.212.194:443 | partner.googleadservices.com | tcp |
| IE | 54.73.51.224:443 | id.crwdcntrl.net | tcp |
| US | 104.18.28.101:443 | cdn-ima.33across.com | tcp |
| FR | 54.230.112.53:443 | tags.crwdcntrl.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.144.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.26.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.86.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.219.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.112.9.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.110.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.51.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.28.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.112.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| GB | 74.125.133.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 172.217.169.3:443 | www.google.co.uk | tcp |
| GB | 216.58.213.14:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | udp |
| GB | 74.125.133.155:443 | stats.g.doubleclick.net | udp |
| US | 104.26.7.141:443 | api.btmessage.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| DE | 148.251.40.113:443 | sync.richaudience.com | tcp |
| US | 104.18.25.18:443 | js-sec.indexww.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 52.212.178.129:443 | ce.lijit.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 52.0.11.75:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 18.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.40.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.vistarsagency.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| FI | 95.216.70.52:443 | sync.vistarsagency.com | tcp |
| FR | 51.178.195.213:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | bc-sync.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| US | 18.207.14.20:443 | api-2-0.spot.im | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 34.1.237.230:443 | csync.loopme.me | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | tcp |
| NL | 89.149.193.117:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| IE | 54.72.91.113:443 | jadserve.postrelease.com | tcp |
| US | 52.73.37.20:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| NL | 89.149.193.104:443 | rtb-csync.smartadserver.com | tcp |
| IE | 54.154.177.234:443 | match.prod.bidr.io | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 98.82.154.76:443 | s.amazon-adsystem.com | tcp |
| US | 98.82.154.76:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 75.11.0.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.70.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.237.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.14.207.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.91.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.37.73.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.177.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.154.82.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | feedback.smartscreen.microsoft.com | udp |
| US | 40.118.255.59:443 | feedback.smartscreen.microsoft.com | tcp |
| US | 40.118.255.59:443 | feedback.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | securityintelligencecenter-westus.azurewebsites.net | udp |
| US | 8.8.8.8:53 | assets.onestore.ms | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| US | 40.118.255.59:443 | securityintelligencecenter-westus.azurewebsites.net | tcp |
| GB | 104.124.165.196:443 | assets.onestore.ms | tcp |
| GB | 104.124.165.196:443 | assets.onestore.ms | tcp |
| GB | 104.124.165.196:443 | assets.onestore.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | 59.255.118.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.165.124.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| NL | 20.50.88.242:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | 242.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_3944_UEAYLTTIDWHDDUAZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 59107aade15e7c7eec4b94471b6ea3e2 |
| SHA1 | fd5e8ab3fae12ab9524c0b40a2d9e491654e50e4 |
| SHA256 | eef48c8086bcda5e605cda33d19c6231a3f245f5df107167b62033d61237fbda |
| SHA512 | 149d82fc375be1a3db2dd8a746b3046d2a4e6ad4c2007dff6fb2bdb9b45df5ec0b83bb26d8cb60322b5a73dcd11b9e38613769346f8df5e4754527f21a5d5309 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 371406ebe990fd45d9d5e320b5db33af |
| SHA1 | f9b431d1994f4e3b26163a8592e31e3cbabc8200 |
| SHA256 | a6fb2c709ae6c5d4881ea76cff700baf28da1c5550f73d597421570c9562526a |
| SHA512 | 9df51f8e8127ffcc17d2a250ff1305af2d9809ad57e2dbe91ec7045f7c5a5c33b92dbe516ba9eecb6da821a71533598c4c21fbf3982c52936c708679c0f05cc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | adb759c6a9adecda4069ddebc5e11764 |
| SHA1 | a5cea2f3d960b89d5dbd341b18259334d6559841 |
| SHA256 | 7cd18b60eb3bc5cc3db12c72651746e99cec59c4d0d11d5954205814b6549cbe |
| SHA512 | 3f066e1a610007311f517f69f14d48dd529e4a55e4703b4a50669bcd191530eaa37dc7a974fc69cf36b087c7973e444fe982615b22a974e8cd3f7a8368451a18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e058e9a593b93f55a133c51d3061063 |
| SHA1 | 964118e1b77f877618aba443fee187af7f725185 |
| SHA256 | 84e122e6100045dd18508e48a686c43d0f4c2246765c9ff1141a271b2f7a8f83 |
| SHA512 | 792f0478acdaeb54a0a3a38e92d9fcdd1365a86b66bd6ccefe980fdfbb3bbf810b31a5cec6181ffd82086a089efdad18a80e8d93e0fb0c9719b14f7300d5368b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a1f494f7703824f5e497a55f528fc2a |
| SHA1 | fbfead81c0cc81119cd070b7ac87614b99443be5 |
| SHA256 | 48c62a31c9f4c9552bafc140d06a8d90f3320c4f56114b5edf3c641d72e5300f |
| SHA512 | 005abf2a0b603837255d5e78b8b02135e04783b2580bde8617869833c9d6347da7123e2c651cf40648a109f6b9c2f159b77b732ab78f2a9479dea9a8d34287d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe46.TMP
| MD5 | 0b08d96a230289579853698fb0492b22 |
| SHA1 | e1f4d581f5bbdb1b5ae9afe044d4e2bb78aa0650 |
| SHA256 | 7acdd27a2a45d3f43f1e9bff8545ecc9ca72f12073555722503a5cd0416f2af2 |
| SHA512 | d4681e79977093e1b0e3e4cd4bf83fe5f4a4a3829745079ef79ee40715d8a944686c548d4172e9935882ca47cd8dd7684259cfbf2f293e0b3ad092207ee98a12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 689328b1af8368b944e7c2a2a7e40750 |
| SHA1 | 43e140a42b99b2a171974d74b17e7486e76e87b4 |
| SHA256 | 99187680534102bdf7b72108d55bced1ba124a1bd95a27e93635f0482b06f929 |
| SHA512 | e850378cec830e2907e8206c18097bf7dd841ff3d4e20193b9f6fc431e88e3e3decded42b0e56c9ce9b8baa03af8e16688224ea510ecaf786c4ef26488737509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4722fb3a02ce02652b5f39bc270fdf4 |
| SHA1 | fd768b06546ad89aae6841da21f6e3eeb33dda7a |
| SHA256 | f9dee7d0fd7de50a219a17b028004ed6fac60ea1ed9387cdddebdf460618ee9d |
| SHA512 | bd97fde5c4af146b513685a6c55d9612adc40c6db21f35e4118324d5003164ce394d909286cadd43710c3adfd96594d7e50dcd9238104094db7f6eb1f1efabaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 783b1b0feaa6c42984b9f448833cdf4f |
| SHA1 | d0fa6dae0c8ef9275f622366c987dbc466628b96 |
| SHA256 | 1ce4d85f3f2536a1fd916a1d79a2d0461acc1534a9cddac1ff4e778c72b31204 |
| SHA512 | d399de27af9b92e8748d4df6189fd0194eae9edba694d38877aa9612edd2ccb364f96da4bfa75b278f1a1b6210d2b499c6ca6b613585bd23573921aa9a51bbe5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587579.TMP
| MD5 | a16f6b4ab2a866f21814d1eec719a5fb |
| SHA1 | 137fb1ecee279cf06c4bbca4da53b5449fcaec4a |
| SHA256 | 3a0b0c04dfdb438064e9b551ac34edec0652086359e3bd131f27e88ac0f2d02c |
| SHA512 | b6a6a103ad1bc726ef6b120c3791b5fb64a3fd329d01293c24a078bbb90974b6142c8f141302f45be4bb28796fb70f2971ca203a0da1d5e03085d653121e7e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 275064a280c2bbe09c6a25bf8242a852 |
| SHA1 | 2c8b21204a228b3ceb022d1cfb524cede5ec39e4 |
| SHA256 | 84e50d49d67f0ba91c933c2c9adde410de81b9104f664d6aca3138f66450439e |
| SHA512 | bfdba544878e1442ebc92385fdb6d458af7e51fbb38d6799ebe94693639ac96583786a7149d36ca955b55599b883e02899d3fdb5cc9e136fc3e3b1d5bc2b804c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 82b4e2f8bfe4dfd0a2bc5456810e3672 |
| SHA1 | ed6d79cbcc663ad1d668a9a5e4286ab5f955f136 |
| SHA256 | 523b7b90fcb8e457d54e80517245fd663f6de52acc9e6d207316edc225853306 |
| SHA512 | 60376d7d8c612cfb3f788b0a3dc3e904ed77508de2519653528130f26e99f2e0070ada8e342f737c66948a1db5ea3366cfb0afbe9e1f39acf4ed79774d92a6c5 |