Malware Analysis Report

2025-04-13 11:56

Sample ID 240819-tjgv9sxbpj
Target https://www.youtube.com/watch?v=31RLLmYnBVg
Tags
quasar javaupdatechecker discovery spyware trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://www.youtube.com/watch?v=31RLLmYnBVg was found to be: Known bad.

Malicious Activity Summary

quasar javaupdatechecker discovery spyware trojan

Quasar RAT

Quasar payload

Executes dropped EXE

Enumerates physical storage devices

Browser Information Discovery

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Scheduled Task/Job: Scheduled Task

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-19 16:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-19 16:05

Reported

2024-08-19 16:06

Platform

win10v2004-20240802-en

Max time kernel

97s

Max time network

97s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=31RLLmYnBVg

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4840 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4840 wrote to memory of 2864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4840 wrote to memory of 1696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4840 wrote to memory of 4412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=31RLLmYnBVg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a19c46f8,0x7ff8a19c4708,0x7ff8a19c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5292 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x318 0x42c

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11580 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe

"C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "javaupdatechecker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe

"C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "javaupdatechecker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\javaupdatechecker.exe" /rl HIGHEST /f

C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe

"C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1235904220574919025,1879006166370646641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe

"C:\Users\Admin\Downloads\ezRip\ezRip\ezRip.exe"

Network

Country Destination Domain Proto
FR 172.217.20.193:443 fe250e72b7f840038b485511ed2854c9.safeframe.googlesyndication.com tcp
DK 13.33.153.189:443 c.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 fs6.fastupload.io udp
FI 37.27.131.82:443 fs6.fastupload.io tcp
US 8.8.8.8:53 u.4dex.io udp
US 34.149.40.38:443 u.4dex.io tcp
US 8.8.8.8:53 cm.adform.net udp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 172.217.20.196:443 www.google.com udp
DK 37.157.5.84:443 cm.adform.net tcp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 82.131.27.37.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
FR 178.32.210.231:443 ssbsync-global.smartadserver.com tcp
FR 178.32.210.231:443 ssbsync-global.smartadserver.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 node.setupad.com udp
US 8.8.8.8:53 track.adform.net udp
US 8.8.8.8:53 s1.adform.net udp
DK 37.157.3.20:443 track.adform.net tcp
US 8.8.8.8:53 cookies.nextmillmedia.com udp
DE 159.89.25.223:443 node.setupad.com tcp
DK 37.157.2.250:443 s1.adform.net tcp
US 34.225.168.224:443 cookies.nextmillmedia.com tcp
US 8.8.8.8:53 ice.360yield.com udp
DK 37.157.3.20:443 track.adform.net tcp
US 8.8.8.8:53 231.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 8.8.8.8:53 250.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 224.168.225.34.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 23.36.168.202:443 ads.pubmatic.com tcp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 202.168.36.23.in-addr.arpa udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 sync.a-mo.net udp
US 151.101.193.108:443 acdn.adnxs.com tcp
GB 2.18.109.233:443 eus.rubiconproject.com tcp
US 151.101.193.108:443 acdn.adnxs.com tcp
NL 147.75.84.127:443 sync.a-mo.net tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 233.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 127.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 108.193.101.151.in-addr.arpa udp
BE 142.251.173.155:443 stats.g.doubleclick.net tcp
FR 94.23.186.68:443 video.onnetwork.tv tcp
NL 185.235.87.225:443 gem.gbc.criteo.com tcp
FR 185.235.86.179:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 go.trvdp.com udp
DK 13.33.141.38:443 go.trvdp.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 69.166.1.35:443 sync.go.sonobi.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
IE 99.81.94.253:443 dpm.demdex.net tcp
US 8.8.8.8:53 155.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 38.141.33.13.in-addr.arpa udp
US 8.8.8.8:53 203.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 stg.truvidplayer.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 104.22.51.98:443 spl.zeotap.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 a7244b6825ab7275557664defe8b57b5.safeframe.googlesyndication.com udp
GB 2.22.101.110:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 253.94.81.99.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
DK 143.204.237.56:443 stg.truvidplayer.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 s.trvdp.com udp
DK 18.173.5.36:443 s.trvdp.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.220.244:443 csync.loopme.me tcp
US 8.8.8.8:53 110.101.22.2.in-addr.arpa udp
US 8.8.8.8:53 56.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 36.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 rt.ad-score.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 35.208.216.174:443 rt.ad-score.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 ap.lijit.com udp
US 51.81.244.190:443 pbs.nextmillmedia.com tcp
IE 99.81.204.127:443 ap.lijit.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 35.244.159.8:443 u.openx.net udp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 244.220.214.35.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 174.216.208.35.in-addr.arpa udp
US 8.8.8.8:53 127.204.81.99.in-addr.arpa udp
US 8.8.8.8:53 190.244.81.51.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
IE 52.214.160.218:443 ads.yieldmo.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 s.company-target.com udp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 34.96.71.22:443 s.company-target.com tcp
IE 52.209.189.118:443 match.prod.bidr.io tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 218.160.214.52.in-addr.arpa udp
US 8.8.8.8:53 49.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 116.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 118.189.209.52.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
FR 142.250.201.174:443 play.google.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 185.235.86.179:443 ag.gbc.criteo.com tcp
NL 185.235.87.225:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 skiddinglol209-64250.portmap.host udp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
NL 185.235.87.247:443 gem.gbc.criteo.com tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
NL 185.235.87.247:443 gem.gbc.criteo.com tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
NL 185.235.87.247:443 gem.gbc.criteo.com tcp
FR 216.58.214.174:443 analytics.google.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
NL 185.235.87.247:443 gem.gbc.criteo.com tcp
FR 185.235.86.191:443 ag.gbc.criteo.com tcp
FR 185.235.86.168:443 ag.gbc.criteo.com tcp
NL 185.235.87.242:443 gem.gbc.criteo.com tcp
NL 185.235.87.242:443 gem.gbc.criteo.com tcp
FR 185.235.86.168:443 ag.gbc.criteo.com tcp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
FR 185.235.86.168:443 ag.gbc.criteo.com tcp
NL 185.235.87.242:443 gem.gbc.criteo.com tcp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
NL 185.235.87.242:443 gem.gbc.criteo.com tcp
FR 185.235.86.168:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
DE 193.161.193.99:64250 skiddinglol209-64250.portmap.host tcp
NL 185.235.87.245:443 gem.gbc.criteo.com tcp
FR 185.235.86.187:443 ag.gbc.criteo.com tcp
NL 185.235.87.245:443 tcp
FR 185.235.86.187:443 tcp

Files
