Malware Analysis Report

2024-10-23 21:28

Sample ID 240411-3e2vbabh2z
Target https://easyupload.io/cbm5st
Tags
quasar office04 spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://easyupload.io/cbm5st was found to be: Known bad.

Malicious Activity Summary

quasar office04 spyware trojan

Quasar payload

Quasar RAT

Executes dropped EXE

Enumerates system info in registry

Creates scheduled task(s)

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-11 23:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-11 23:26

Reported

2024-04-11 23:27

Platform

win10v2004-20240226-en

Max time kernel

74s

Max time network

76s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyupload.io/cbm5st

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO47626637\RyansProject.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO476CC3C7\RyansProject.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RyansProject.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RyansProject.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO85966B78\RyansProject.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\Client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3516 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyupload.io/cbm5st

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff864ea46f8,0x7ff864ea4708,0x7ff864ea4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10936 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"

C:\Users\Admin\AppData\Local\Temp\7zO47626637\RyansProject.exe

"C:\Users\Admin\AppData\Local\Temp\7zO47626637\RyansProject.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7zO476CC3C7\RyansProject.exe

"C:\Users\Admin\AppData\Local\Temp\7zO476CC3C7\RyansProject.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3234:86:7zEvent10407

C:\Users\Admin\Downloads\RyansProject.exe

"C:\Users\Admin\Downloads\RyansProject.exe"

C:\Users\Admin\Downloads\RyansProject.exe

"C:\Users\Admin\Downloads\RyansProject.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"

C:\Users\Admin\AppData\Local\Temp\7zO85966B78\RyansProject.exe

"C:\Users\Admin\AppData\Local\Temp\7zO85966B78\RyansProject.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15580206074635887335,11408357738763832886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 easyupload.io udp
US 172.67.71.25:443 easyupload.io tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 cnt.trvdp.com udp
US 18.239.208.82:443 cnt.trvdp.com tcp
US 18.239.208.82:443 cnt.trvdp.com tcp
US 8.8.8.8:53 25.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 cdn.adapex.io udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.google.com udp
GB 199.232.56.157:443 platform.twitter.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
US 104.21.234.176:443 cdn.adapex.io tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.177:80 apps.identrust.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ssc.33across.com udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 34.149.20.76:443 ssc.33across.com tcp
US 8.8.8.8:53 cat.hbwrapper.com udp
US 8.8.8.8:53 g2.gumgum.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 cat1.hbwrapper.com udp
US 8.8.8.8:53 cloudflare.com udp
US 8.8.8.8:53 p2.gcprivacy.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
IE 52.17.97.65:443 g2.gumgum.com tcp
IE 63.35.31.32:443 ads.yieldmo.com tcp
US 134.122.30.244:443 cat1.hbwrapper.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 134.122.30.244:443 cat1.hbwrapper.com tcp
US 34.193.235.108:443 p2.gcprivacy.com tcp
US 104.16.132.229:443 cloudflare.com tcp
US 18.239.212.129:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.media.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 82.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 96.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 176.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 76.20.149.34.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 65.97.17.52.in-addr.arpa udp
US 8.8.8.8:53 229.132.16.104.in-addr.arpa udp
US 8.8.8.8:53 32.31.35.63.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 129.212.239.18.in-addr.arpa udp
US 8.8.8.8:53 244.30.122.134.in-addr.arpa udp
US 172.67.14.119:443 prebid.smilewanted.com tcp
DE 35.158.166.125:443 btlr.sharethrough.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
IE 54.194.25.32:443 ice.360yield.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 18.239.208.31:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 secure.quantserve.com udp
DE 91.228.74.200:443 secure.quantserve.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.browsiprod.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 18.239.208.74:443 cdn.browsiprod.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 18.239.208.102:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 18.239.208.103:443 rules.quantcount.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 54.187.87.185:443 events.browsiprod.com tcp
US 18.239.208.14:443 yield-manager.browsiprod.com tcp
IE 52.49.90.166:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 172.67.71.25:443 easyupload.io tcp
US 8.8.8.8:53 stg.truvidplayer.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
US 18.239.208.48:443 stg.truvidplayer.com tcp
US 18.239.208.48:443 stg.truvidplayer.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 108.235.193.34.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 119.14.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 21.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 18.239.207.196:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 125.166.158.35.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 32.25.194.54.in-addr.arpa udp
US 8.8.8.8:53 31.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 74.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 102.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 103.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 166.90.49.52.in-addr.arpa udp
US 8.8.8.8:53 185.87.187.54.in-addr.arpa udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 48.208.239.18.in-addr.arpa udp
US 172.67.23.234:443 a.ad.gt tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
IE 63.35.31.32:443 ads.yieldmo.com tcp
US 8.8.8.8:53 p.gcprivacy.com udp
US 8.8.8.8:53 ad.360yield.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 pbs.optidigital.com udp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 ghb.adtelligent.com udp
IE 52.17.97.65:443 g2.gumgum.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 34.160.72.119:443 pbs.optidigital.com tcp
US 18.239.208.129:443 p.gcprivacy.com tcp
US 107.151.11.18:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 s.trvdp.com udp
IE 34.251.91.106:443 ad.360yield.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 rt.ad-score.com udp
US 35.208.216.174:443 rt.ad-score.com tcp
US 35.208.216.174:443 rt.ad-score.com tcp
US 8.8.8.8:53 aggle.net udp
US 15.197.179.7:443 aggle.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 349233a4f479178fb26c4c9890a49d8e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 api.rlcdn.com udp
GB 142.250.180.1:443 349233a4f479178fb26c4c9890a49d8e.safeframe.googlesyndication.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 141.95.98.64:443 id5-sync.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 196.207.239.18.in-addr.arpa udp
US 8.8.8.8:53 119.72.160.34.in-addr.arpa udp
US 8.8.8.8:53 129.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 106.91.251.34.in-addr.arpa udp
US 8.8.8.8:53 18.11.151.107.in-addr.arpa udp
US 8.8.8.8:53 7.179.197.15.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 174.216.208.35.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
US 8.8.8.8:53 ams3-ib.adnxs-simple.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
NL 185.89.210.180:443 ams3-ib.adnxs-simple.com tcp
US 23.53.112.216:443 cdn.adnxs-simple.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 cs.seedtag.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 23.220.112.27:443 hbx.media.net tcp
DE 51.89.9.254:443 onetag-sys.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 104.16.183.87:443 cs.seedtag.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 sync.adtelligent.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 scripts.opti-digital.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 csync.smartadserver.com udp
GB 185.83.71.234:443 sync.adtelligent.com tcp
DK 37.157.6.243:443 cm.adform.net tcp
US 104.18.3.52:443 scripts.opti-digital.com tcp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 csync.loopme.me udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.143.40:443 csync.loopme.me tcp
DE 3.122.23.28:443 match.sharethrough.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
BE 104.117.77.160:443 csync.smartadserver.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
NL 72.246.173.47:443 eus.rubiconproject.com tcp
US 34.160.72.119:443 pbs.optidigital.com udp
US 34.149.50.64:443 s.seedtag.com udp
NL 72.246.172.22:443 contextual.media.net tcp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 8.8.8.8:53 216.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 27.112.220.23.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 87.183.16.104.in-addr.arpa udp
US 8.8.8.8:53 234.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 234.71.83.185.in-addr.arpa udp
US 8.8.8.8:53 52.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 243.6.157.37.in-addr.arpa udp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 eu5.easyupload.io udp
US 8.8.8.8:53 x.bidswitch.net udp
FR 5.135.209.101:443 ssbsync-global.smartadserver.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 40.143.214.35.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 28.23.122.3.in-addr.arpa udp
US 8.8.8.8:53 160.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 47.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 22.172.246.72.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 101.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 u.openx.net udp
NL 81.17.55.117:443 sync.smartadserver.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 70.42.32.159:443 b1sync.zemanta.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 creativecdn.com udp
IE 54.77.183.226:443 ap.lijit.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 34.98.64.218:443 u.openx.net udp
US 18.239.208.62:443 public.servenobid.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 70.42.32.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 35.214.143.40:443 csync.loopme.me tcp
US 70.42.32.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 s.adtelligent.com udp
US 54.160.182.222:443 sync.srv.stackadapt.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 18.239.208.103:443 api-2-0.spot.im tcp
IE 52.48.73.249:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
DE 142.132.249.187:443 s.adtelligent.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
IE 54.170.186.220:443 jadserve.postrelease.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 bttrack.com udp
US 54.236.215.164:443 cs-server-s2s.yellowblue.io tcp
BE 104.117.77.160:443 csync.smartadserver.com tcp
US 8.8.8.8:53 ced-ns.sascdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
BE 104.117.77.155:443 ced-ns.sascdn.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 117.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 226.183.77.54.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 159.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 56.61.253.47.in-addr.arpa udp
US 8.8.8.8:53 62.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 249.73.48.52.in-addr.arpa udp
US 8.8.8.8:53 187.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 222.182.160.54.in-addr.arpa udp
US 8.8.8.8:53 220.186.170.54.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 164.215.236.54.in-addr.arpa udp
US 8.8.8.8:53 155.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 cdn.dxkulture.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 172.64.145.29:443 cdn.dxkulture.com tcp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 ads.servenobid.com udp
IE 54.76.55.31:443 ce.lijit.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 3.223.82.67:443 ssp.disqus.com tcp
IE 52.50.207.177:443 ads.servenobid.com tcp
IE 52.50.207.177:443 ads.servenobid.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
IE 52.50.207.177:443 ads.servenobid.com tcp
IE 52.50.207.177:443 ads.servenobid.com tcp
IE 52.50.207.177:443 ads.servenobid.com tcp
IE 54.194.25.32:443 ice.360yield.com tcp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 31.55.76.54.in-addr.arpa udp
US 8.8.8.8:53 177.207.50.52.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 67.82.223.3.in-addr.arpa udp
US 8.8.8.8:53 sync.adkernel.com udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 18.239.208.36:443 s.ad.smaato.net tcp
US 8.8.8.8:53 ads.dxkulture.com udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 71.126.55.45.in-addr.arpa udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 eexsync.com udp
US 80.77.87.108:443 eexsync.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 108.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 192.168.1.226:4782 tcp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
NL 185.89.210.180:443 secure.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 34.120.63.153:443 prebid.media.net udp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
GB 185.83.69.58:443 ghb1.adtelligent.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 58.69.83.185.in-addr.arpa udp
N/A 192.168.1.226:4782 tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ghb2.adtelligent.com udp
US 23.227.151.242:443 ghb2.adtelligent.com tcp
US 8.8.8.8:53 242.151.227.23.in-addr.arpa udp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 151.101.1.108:443 cdn.adnxs.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
N/A 192.168.1.226:4782 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512 e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

\??\pipe\LOCAL\crashpad_3516_QTXYZFBENJZCCMAF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f35bb0615bb9816f562b83304e456294
SHA1 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512 db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90bde1593a6860f4cc8f62b0a34a8a28
SHA1 bf707dacbdedc64c3e6bdbf3846422a62c36b7fb
SHA256 b6a42173ee510dc9f77f3dc6bc0e8a1af50f32b3168cb6dcde436b910769b366
SHA512 74e78a64ec25b0164bc7ce25bc5572ec33c0deb73677a0ad5f3573fd09fa0ea037fa02cb1d4d7d80f1c1821942840ca23ca15186f95d2e5992a338f32a264354

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 0c01f7f48843653180912a1ae3ba9691
SHA1 514c4c3c854416f4b6acc65f60624a5f9381d649
SHA256 c6e8174e0fa6a834758c95df325b834b2bc6b0a2bef56870507865de4276deb2
SHA512 5b18c2f3dff6b1d54723da818e9aaa98eebb878a77ecadacb5835e6087ccb5e313d7aa729e9bd4020445db27d1d103b9e323e0a60e303937801ce655e5978038

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 309bdec57f3d22dddb703597b935c73d
SHA1 5cc6f08cebdf11bf55cf66cede31e4a922bf6457
SHA256 dd9bf285cb642f39f5f825342b3cde8b326bf2218742e907e8070db7e7d6bba6
SHA512 5dec60fa364f004a371285b8e268a0c5764c712906ff75979ecdecd6341469711eb011a5a9dca8bcd4601b3016cd0fc47f698bca2ff7a0a24659b5a8feef0ff0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\Downloads\RyansProject.rar

MD5 44d6e8a53cff50cc3363e729ce3ecb04
SHA1 c9b66072ab2179194baee927b4ab04d43d64ddf5
SHA256 17f1c062b320bd3c8b938a07f9518affaf837fc253fe20c624187faa114938ae
SHA512 a93a888e5438c9a1d7453874da93d6aa860fd92be616d4a349870f025c3c79ab3ed24403f635d3e1496799930ac08c9c1f58cf0580720a70bbf43c2aaad11189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8b1132932ee90283bcfcf6f11e2dfff
SHA1 046283ca7f176db837d7576d78d2135061a83f0c
SHA256 7ace24640fc0bb760299b23778b08d61e94fd07f16026ba156a42f5ff44677d6
SHA512 0a8cdb1cf6e0fe9d6dcd989fbc2ea2b237983a2d4b27b967483ae1405dea7230edf9bad8b83aae6cf34098f572568b081b89621b0c034f0b67c44347fc7f2e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aacdd9c3bfbe9f0c1b52682220ede5e0
SHA1 70269c0982baae379fabda3b2b9eecfe5752d3ac
SHA256 7f3df646f3f1c85b86e15146a6296c8edeaef82f3de0dfc110b29648e737051a
SHA512 5a79af9fc0ada1f0fc4123d7c6401b138b4020631a3453af5c68735ad9c432965d580103f77ab4e50cf8f787e4e4610282e01442152466b98e8d96b711416d16

C:\Users\Admin\AppData\Local\Temp\7zO47626637\RyansProject.exe

MD5 20edba711349a03803c2f96bbbe18b39
SHA1 675607f2c3510c35ea0784c1051e3a96c3b44416
SHA256 8e3077a2601f2727d79389b445d9e90336a0055c0f5a7ce330cbd4006876f1f9
SHA512 85130c87a19dc29bb6b6c26aea68f7173bf0df69c2a4b80e90bc2e14c19acdb1457f680e69d75c916fe7d546c470da5bb38b970843b33feda74847f5a675ee4e

memory/7712-281-0x0000000000D80000-0x00000000010A4000-memory.dmp

memory/7712-280-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7712-282-0x0000000003140000-0x0000000003150000-memory.dmp

memory/7704-289-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7712-290-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7704-291-0x000000001BF70000-0x000000001BF80000-memory.dmp

memory/7704-292-0x0000000003230000-0x0000000003280000-memory.dmp

memory/7704-293-0x000000001C730000-0x000000001C7E2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 424dd2d9b1af304a3679f8a5dccf06a5
SHA1 75454a8463dd1de70f1478cf3837ff62968bd39b
SHA256 65c90f1af6388bdf0a570c8ba6270f584ef22e39009d2a0751f1a630caebe5b7
SHA512 4e110e67b19bab4164e676e2e4a7d3feb7a3411f4316efae45202c9ba3cc3176e2cc128c77cd638d3d580d82f05e4fd0edbd1e6e0037b308c4ed3f75fac8049f

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RyansProject.exe.log

MD5 baf55b95da4a601229647f25dad12878
SHA1 abc16954ebfd213733c4493fc1910164d825cac8
SHA256 ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

memory/7252-331-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7252-332-0x00007FF853270000-0x00007FF853D31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 979bb5e5db4d9cb5204fe3123a887f23
SHA1 8beccacf0c1beb40d82ea9844a2974427224ec35
SHA256 ac3ca60e350848794a021cdd3e3b20acca5637fae091ecc0399918e9ca5151a5
SHA512 17b1248699e21b4627332725fe629a1086ec2355dd8cecf13288dc4b0e4a81d5e38700aca37d7e5ad9b632e59ab88acfb60b31690dcb90ec38868b5854ed7122

memory/7704-353-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7704-354-0x000000001BF70000-0x000000001BF80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b701b8216f025ffdaaf5115c950ba2c
SHA1 db0d4409f1f36aa5abc200e68e26938bda5ed94b
SHA256 83e8496a58e76fec5e663a3e6570d46468afeecca72eba1dcfa29513657d8eab
SHA512 e2b28137ce07bc2200d9ad9057dfc62c430874f25016ba25550f7ccaa0da391b837e808257bdd98071dcc0bfa23760aeb3ad73dd56d08dc847a2bcbf507b867c

memory/6660-378-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/6660-379-0x0000000002E10000-0x0000000002E20000-memory.dmp

memory/6660-380-0x00007FF853270000-0x00007FF853D31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd02.TMP

MD5 b911114a20dedf31cd616d155a7c429d
SHA1 9967ab084972f67d33d6750b98fdbf01d00a3521
SHA256 94d1a2e3ecf93a620b4738f870b4416d4007302850bf90dcb2896fe59b645b84
SHA512 24e9ea549c2059ebbf542582a64c6f050a8c2c2ab3d7daecf3d906eb9e23085dbb0976c9c792a7fda0f7036b5c850ac63cf04fa401620d6f41ef18cdb311ed63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4074bbc19a61ad2cd70321f74862ba87
SHA1 1bd30c48c0759cb993f51d8c4e419d03430f6ee0
SHA256 117a0d862b789bde7f5b4208b737af1e96e76548275596af48bcb5daeaa28993
SHA512 8f0dc5c7df6a3b9e29682625a5d61ca286a8faf6f99ab481bce3036ae485b58a64d250a908b56a1d215a54b30446fc9c467e7eb865f313d37c656048ff34a20d

memory/2768-399-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/2768-400-0x0000000003430000-0x0000000003440000-memory.dmp

memory/2768-401-0x00007FF853270000-0x00007FF853D31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f041d7ab2953bcba321f9b40a59876b
SHA1 636fe3eb4eea984eeb879eb5b2bfb91fadca71ac
SHA256 2526a329e1cf3eb616c7282176c38ce4825164c58e75c09aaf7d2106c38e19d9
SHA512 f6f7e0f0c5c44c5a2651868dd6aa355eee265f549c3be1c9c6a9dddb5d506c2b7b9ef83d84d9b2c16f47cc3f82aa42941b167b3a31c0395910a8381492fdd141

memory/7088-421-0x00007FF853270000-0x00007FF853D31000-memory.dmp

memory/7088-422-0x000000001B3D0000-0x000000001B3E0000-memory.dmp

memory/7088-424-0x00007FF853270000-0x00007FF853D31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 bffb059f66bf71c890cc5b5ae438989a
SHA1 e13ab1e1accbf64e3e430f02f7c10ae09d413ac4
SHA256 3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64
SHA512 cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 df4290b557c613f2299f4d2379cf6e78
SHA1 02425ec61f16c155b61cff503d260288d8d285a0
SHA256 4b4084e10f6916b555937ef972da3a82e721d874e7ab42d1c36db21a1f6147dd
SHA512 6bdd7f3dab451bfc9394a2b9a1cc6e2504f9ed2f2bf6be1d4dfb8266ba2ab65c877ffe8118c96fecf3b43caf5eb7038864c7a88d2a12d6a2fd3919f77d75308a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 059e4792380953248a45ba15c7cea739
SHA1 abb68193cbadc18fb5c061307f9cd3f7d3f15fa0
SHA256 93c85198f93b58d7306d8c87952aff656303ca07399763f152aead1877c86f77
SHA512 333283cda0e4d33ea3c2cae9a073bacb898b7962d6e40ffd11b860dd144d319c04dd5a8620296d313baa199acc6a335c65e55253092c5f1b6ddc95647570f81a