Malware Analysis Report

2024-12-07 22:32

Sample ID: 240409-kgehpaea41
Target: https://tria.ge/240408-yqhtcsad26
Score: 6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file https://tria.ge/240408-yqhtcsad26 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Looks up external IP address via web service

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported: 2024-04-09 08:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-09 08:34
Reported: 2024-04-09 08:35
Platform: win10v2004-20240226-en
Max time kernel: 104s
Max time network: 111s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/240408-yqhtcsad26

Signatures

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | whatismyipaddress.com | N/A | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{E8F52EB2-EB9C-4A05-90B6-4C1569172287} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3936 wrote to memory of 2160 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 1136 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 2340 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3936 wrote to memory of 4940 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/240408-yqhtcsad26

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d7dd46f8,0x7ff8d7dd4708,0x7ff8d7dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x4a4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3742890005400041198,14625163159530822466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e3dc6a82a2cb341f7c9feeaf53f466f
SHA1 915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256 a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA512 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36bb45cb1262fcfcab1e3e7960784eaa
SHA1 ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA256 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA512 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf1198993726c89b0a619b8cc3efab2d
SHA1 e83f67be58d09c10ac501e161c760fabb6fb03b8
SHA256 5d12153816a8affb9d99c5d9557b50d685c5e46dfbfaeeca78c381842bacf59c
SHA512 4a170e15c911d71932bec9af8973026f7993c746c3ff2ce029d0058bf8c1a51f2587110beb221b9596f9ad0032fc64a0f30303dc5f7981db017ed3ec4a83aee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3c14f9559805e210672d593a11bdc47
SHA1 fb00830874e4592e447f7b068489e792962a563e
SHA256 7f1293b4547ca40911cca2c84707003334fcd81363dabb83dad9948d085388a7
SHA512 5fe6dac08340ba8580cc31ba9b0c22de4cc21ffd818d9c0e750d656e62d62f6818b8477ae37e81e49a24e61a0b801a8571150b9c2b44077bad2da89960c06cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e28c54f8782e423dca7b13ba78bebe8d
SHA1 c042b6f63a1ff8895a25bc44fedf2da6da54046d
SHA256 da543c3cbc86390e052996791d65d9b0c18caed6b9ef505c0b0953f9ffd5720b
SHA512 690d801bb79a2f389a65df48f58e80c9cf0a5077860f3359516165ce03325ff62b578490fbfb844a9d1a004148a5a49bef86ec7d909c40b4e35372105882e4e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c533e52b346d107b8dd47ffe5a3a5c94
SHA1 4c0e7b54bd591845ed24883ebe5a00438c43c926
SHA256 2544b9fe8b819ddd93625454d6aad42b196954a0e1b98d300f65940d6c1d0cfd
SHA512 07adb28513e4db754aca55d933222bb80f35ad2aef398a65b845219a233da1d73cb952e4df4427b99660bb6afc4ca8cafa3fffb556d2d85193ab3281b58076b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d734928e3b3dd205c2be2349aeb8528d
SHA1 fce2e94fc22174b36eb2b16f421d6afdc1028df8
SHA256 d4e86b1ebddc1976f39c5d1e439ef6ca59446729ab666e135d972fdd9dd9d988
SHA512 ef48241a0474faec995bd9adb51b71ae023a49d2e834710abd5f9b05c0f7920be00462d67ed16b876a762f906ecb3332fc50297c818ef76ad02444034fda6e97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8162cea63807d9d3dbbc84f9d4177af4
SHA1 ce8236559f98a10dc023c4b2c1cd97750f8ccfbb
SHA256 b20ec50fbeb251088a05073706ef7fa29fd6c232e2ec4e3a31d1c0d0f1d1ccec
SHA512 ca809322e56fe3b76d1ee411d44089b14562d68b572d49b5488c83bde23617d2518e71e81047e547ec49c3466d4a20dad5678a45b42018299c9f7b6270324cf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56ef0b42c4c41fa069e42875db33076d
SHA1 03ef773ea205652fd0fa738a520d5bd1d0b12ae0
SHA256 f6d46e62c23fff2af2b3ec65303a80a3e632b057b0c3290cea4a361f31a8b80c
SHA512 2eb060f6664b93b860c59bb019c042919e6fddfdcb09ae6c142cded762585d3e8ea7ec0d37fd1dff89b98d0e2c61bba4a9947aca8f2aa9beb115b5decc4c032b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581eed.TMP

MD5 15e3c377024c3d49be2b945303ba1855
SHA1 20a0f4a913c2c4b1424d831f7486e174388128bc
SHA256 d427430c1fa0fc0c824f2ef45a3f72361348dcdfc77a54a3ea3b6d265fd95bcf
SHA512 9f0004aecb25eb1cc6127efc22aad3d7c8f052b07d49bdeef623608242f09ed47347ca81ffd321efe54f383aa4667ecf76d919ce59b2b5d31f849cb3e45e1937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ba19ed027c5b67c2be25c2915dd5e74
SHA1 8f3f0a1735e70cd34cd46b7cc1945e54a7439dfd
SHA256 75bb1368ca8402b37c702e1c31be455fcab58b480dc11d151c912962dabbbb2e
SHA512 57841282f9ec166569382d555477c1176ae66011bc0a3f4689bcb746dc92806526b8572ad9f9f4ecafd6aed3571eeef0a58f8fe0e82468fe56e24c557180ee39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2d69fd475ea822c5f1f7556292063f0
SHA1 2636b3a192cdeab0a44f11598e156e3e575035ef
SHA256 e15a156a877cb59aa28477a30e22c8f3c9014b5313f6c7765b5a68b8b37a6ddc
SHA512 cf22cc22046cf78f080015a3225e104507defc64875e341328858e827eadd2e8a8e39c41a747bdc18fe3f1642864a50dc91c7034259f89cc8664d1799d195190

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 79cbfe7a3db85e1f5fe8caa86dc65c3f
SHA1 6386efbd59c3fd4c5417cfe613730ef6017014b1
SHA256 0b602346bd94ab0883af9a660bdc948490378bd1f497cdfa9936d295448642a9
SHA512 97c0ed39b6c2e930a4b314a1facf495f38f22d5212db0d58ed302f335e9e5841bec3bf738ae12e51b7d55a1467d48c83d1996c50e277b94d4415d8e68ef094e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0b9ca3dc771526605fbd8f20f26c2d0
SHA1 c2fd637d47a5a5f285fdfc5f9a5a5b347b606b11
SHA256 8d0c83f62beaef66e1b615072fc04561432f01cad2b153cd4311db788381cfda
SHA512 9ff0d0e0a9192463cadf63e8a39e70be3947c55d3ddd9cd517fb697ee5887811009709b3063a2aeffd6f5d2a6d0c9f17d68fe708b6e4f3ae1cacef99ccac7ccd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 024eb15138492e59cdd370c6cc2c499f
SHA1 fb8a5d7dca1ccd6cb1d13a31a315c5b64afc750b
SHA256 78c15a0546552383ec8adf91d7d90d563359211c4f2d66c902861d1b92688187
SHA512 dacafd877a6f28ad8e09903b1d7190de099fdd4ff353f5a880d76d6aa1db6bf0426ca9accef065d2deb6f725e52590554bc4f5d5b79b0166aeaa0c3a95aae24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586eb3.TMP

MD5 44b734e9ea35b8fdd08a2e27ee7b6c28
SHA1 d048ab06e12ae04a36c47380fa691a12adbeb4e0
SHA256 be2da68fa800e1acb4b5c33bdf3b7b1ddeb55c2f55f214fb273acfba4a53be45
SHA512 4dd73d9bf3777dded3b7f6801cc013b237945c4fc9011814863455561e6fb2fffee15ba7bd9407068e760e74eacc8ed0158acc496e430f80348557f8a3086f2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 955e82452f155733fd59f8adc7650ed4
SHA1 1a52700cb9a81d31952115978f3db4953cdc01ec
SHA256 0dd3f5a38c3182e81d7fb3907eab756b7adf3bf03f83326d896b42ca971d071f
SHA512 eccaad780370de712d854b4c9decf9b89277501add6371ec0a16196bf158a15f2de47b4d10e3f88f433e6ea3924dc28ac27575517a557dc4bcc1d862be3c3b9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5155a0d1-b8e3-493c-8dbb-631a3d30152f\index-dir\the-real-index~RFe5887c9.TMP

MD5 e27f371f556cf04c02c431d7e8987077
SHA1 23fe21d849f2fdd5a8d95e49b0810cb59483daa6
SHA256 9ad4796dcd49ec57399241eb076d7c8d8ad85fc9807e95b63a53c081b247bf75
SHA512 b09d4924d2bc5785be7229a3f547a3acce23355403cbb48fcb5cba9719e8731ced65f4c30fd1703eea8c13d3b449e7e17ac83192eb360999e96e1a2f5ba5e7b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5155a0d1-b8e3-493c-8dbb-631a3d30152f\index-dir\the-real-index

MD5 cd6d24f5d5dbfeb5427cc6ba533e0fe2
SHA1 c498cb1bce5fc79e47e84da1cb800bf31db00bdf
SHA256 95d290e37c4fb8ee3c8a5318c6d8778e02817a93dc9b1f6faab0c6c311bea599
SHA512 ae3c986aa1cf374730bbaf21ace2fc299531924d2033db93cc3a80fdcda52e91ab3a4e8b6430944f21582fc4c4effbfbc290b2fdd7b3c7a4b1cbcb249db67659

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ee569ba708057abc988971a66b3a8b8
SHA1 d421535eb0a03525a3bc28dec03e5613ace26926
SHA256 119ff5aeb09905f05ad154db875091b59314b91f5482c25e84e9df1e69bf87ab
SHA512 6acd9bbc818fcc645e77bc80da060b87fcc581dcadaab7461797e07df270953090277aecee145a327d2953d5923198a18d2c1c3ca16e51d568fadbcdb6a7f5d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8cfd9ae2d8ad12460d485a6a478b9ff7
SHA1 e36f95f744c2532ac055e1077e133c9dc802ed34
SHA256 0c87720b7dc08af74ffd73f4b24258b6bc082253fe9aabeba7d4b7a30971b063
SHA512 638e535ad8ebd6bbba5ebea267e25c917ed8262aac6184e3b56f2006476a0213e177ef994f414a3dffec9e8ac4e008d4d20a15e68783e6939d030f7e311b242e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 038c6d895ae75be3d4f0a6acd73aa76b
SHA1 38d761054b6e4bbf88f1e8a8380a9aee513de0d1
SHA256 6679e3bcb3f59f697b25c61100a1efe59d414670155f4f38f04bd5b36ee6c5a7
SHA512 2bfc7d04249071120c2b6bfd3324112d85e101d2dd00c57722bd73c77a76718c96bdf35e6334c86b8c7ec12742317b05fd30e618d13869f27e968d51c6e1545a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b6d554a0f1a271d0d9025fb691f0bc1d
SHA1 f6e2fc90a18f0e3ee3ffc0daa8a33ea507388eee
SHA256 7e83d7dcdbfa9704817925a561cbaa5b8632499fdcd13e102236a2443bc0f7ca
SHA512 4c21bde364592d9ea37930f6b9590a6b9d24164992f9cf328789fae4b199319f2d1425b4a01173ec19a88d9b2b013ad6d8ef320faab34697fc951b2f411de72f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a61f2a3-9cef-4530-882f-cb97c76872a6\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 75540dcdc3b165d49b1ce76e2128f171
SHA1 53fe8bda61b0eb590aeeb7939436b854e4df34b0
SHA256 a0327aeb2340ea143bf17ab4e63484df9ba9612a8d93d35716d6275f02170063
SHA512 3a40bb3fb0fdde01654bbe45c5b423f1cdc5b73e3c2b2760b854cfa845c56f498a0a358c58418d7b468ea336048a2fa9e9a57f962e14151198e3fc8066e5139a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 d36a279a33de96214071fd7f70c747d8
SHA1 ceac09f798320386352d961e3b8a1c557361c2eb
SHA256 1b07b593ad68e1a8a0d1b0e3ae27ef5c9d9512f6638bbef8555dd046580b92a7
SHA512 d58b0a54678ceed317222ba60eb1ed34c08e92a44839e83047640294bd79edbb2237962892be029110843de7c9c3bcf8ea6d5d9dabe687027669f27d5fc2ffa4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 fef9f7a110bec0d6447186afafe5dcf7
SHA1 7ee311875848cf2890ae7e2745e147b8d2cfa519
SHA256 c32dd11911b6c83167ca87e7ed5a0d3e425dd927a669c19e8ef848b3b95cb2aa
SHA512 674fafad403b2417925ab35765ef53df2644a04935b2c68b07dac262a33f8c8d3edab999633b09b227330c98b354f2da53ff0c7ef29d69f5b72ac6a3000c9a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e124.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\000f67ff-b2fd-42ef-9fa3-55dc9d6241cc\b104c2bc2afd05bc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\000f67ff-b2fd-42ef-9fa3-55dc9d6241cc\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\000f67ff-b2fd-42ef-9fa3-55dc9d6241cc\index-dir\the-real-index~RFe58f5f4.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
