Analysis Overview
SHA256
5b6439523658efc8db954fa38b37ac1a5f145eaecbb45feecec21363c602dabf
Threat Level: Known bad
The file Aquatic V4.rar was found to be: Known bad.
Malicious Activity Summary
Crealstealer family
An infostealer written in Python and packaged with PyInstaller.
Executes dropped EXE
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Detects Pyinstaller
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Enumerates processes with tasklist
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-02 01:26
Signatures
An infostealer written in Python and packaged with PyInstaller.
Crealstealer family
Detects Pyinstaller
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-02 01:26
Reported
2024-02-02 01:29
Platform
win10v2004-20231215-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Creal.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-02 01:26
Reported
2024-02-02 01:29
Platform
win10v2004-20231215-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aquatic V4.exe | C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aquatic V4.exe | C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe
"C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe"
C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe
"C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd584046f8,0x7ffd58404708,0x7ffd58404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aquatic V4.rar"
C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe
"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"
C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe
"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic Info.txt
Network
| BE | 13.225.239.28:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| BE | 13.225.239.28:443 | tags.crwdcntrl.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| BE | 13.225.239.8:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| IE | 34.252.106.18:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.26.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.20.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.133.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.21.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.69.216.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.157.241.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.10.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.53.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.111.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.184.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.66.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.152.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 89.207.16.210:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 172.67.71.25:443 | easyupload.io | tcp |
| US | 8.8.8.8:53 | stg.truvidplayer.com | udp |
| BE | 13.225.239.33:443 | stg.truvidplayer.com | tcp |
| BE | 13.225.239.33:443 | stg.truvidplayer.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | 8.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.106.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.trvdp.com | udp |
| IE | 18.66.171.81:443 | s.trvdp.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | rt.ad-score.com | udp |
| US | 35.208.216.174:443 | rt.ad-score.com | tcp |
| US | 35.208.216.174:443 | rt.ad-score.com | tcp |
| US | 8.8.8.8:53 | 81.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.216.208.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| BE | 13.225.21.20:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| NL | 35.214.184.7:443 | grid.bidswitch.net | tcp |
| US | 8.8.8.8:53 | p.gcprivacy.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| IE | 54.171.53.169:443 | ads.yieldmo.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.31:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pbs.optidigital.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.31:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.31:443 | fastlane.rubiconproject.com | tcp |
| IE | 54.229.26.69:443 | g2.gumgum.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 108.129.62.164:443 | ad.360yield.com | tcp |
| BE | 13.225.239.108:443 | p.gcprivacy.com | tcp |
| US | 34.160.72.119:443 | pbs.optidigital.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 20.21.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.72.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.62.129.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aggle.net | udp |
| US | 3.33.163.81:443 | aggle.net | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 37daf7f5ea6fb537cfe135907a35e2fe.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | at.teads.tv | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| FR | 172.217.20.193:443 | 37daf7f5ea6fb537cfe135907a35e2fe.safeframe.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| IE | 52.94.223.37:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 2.17.149.102:443 | at.teads.tv | tcp |
| NL | 131.153.158.209:443 | id.a-mx.com | tcp |
| US | 34.194.87.253:443 | idx.liadm.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| IE | 99.80.224.8:443 | id.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.65:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | scripts.opti-digital.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| FR | 142.250.179.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| GB | 92.123.242.2:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | dcdn.adnxs.com | udp |
| US | 151.101.1.108:443 | dcdn.adnxs.com | tcp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| FR | 172.217.20.194:443 | www.googletagservices.com | tcp |
| US | 151.101.1.108:443 | dcdn.adnxs.com | tcp |
| US | 104.18.3.52:443 | scripts.opti-digital.com | tcp |
| GB | 96.16.108.246:443 | acdn.adnxs.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| FR | 142.250.74.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | a.usbrowserspeed.com | udp |
| US | 8.8.8.8:53 | pxdrop.lijit.com | udp |
| GB | 2.18.63.39:443 | pxdrop.lijit.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 54.200.128.140:443 | a.usbrowserspeed.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.163.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.149.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.223.94.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.158.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.224.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.87.194.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 54.200.128.140:443 | a.usbrowserspeed.com | tcp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.242.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.3.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.108.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | choices.trustarc.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| BE | 13.225.239.95:443 | choices.trustarc.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 39.63.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.128.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | eu4.easyupload.io | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 64.185.227.156:443 | api.ipify.org | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 233.10.175.136.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 64.185.227.156:443 | api.ipify.org | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 64.185.227.156:443 | api.ipify.org | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 64.185.227.156:443 | api.ipify.org | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
Files
| SHA256 | 8f030a5831420f4219e945e1e723bafa3e1feb7d4686530823b76fa84620513b |
| SHA512 | 7032328cf0e348e51e78664700103caa0b842c2a09e32054cc712affa68c7f831c7be836e7c50be081e71c2752e69f872374b4f34f5295a2cde362833d0d19eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aaab4995b0d9ca1a60ab491b1c0822e6 |
| SHA1 | 861e0de9efc7d2a841cb7c12d12e6460f4a65dd2 |
| SHA256 | 055b651edd1f096b4b8d0443a50b4c4cb18b6a4aa7dc2406dcc10f2deb4b38b8 |
| SHA512 | 0d8f2e35c31600083a31cf6ba02c2e5cf14233568ff66f8492146e82823beb4ad1abb16a9786a63a4accdf90db1bb82dc21fc5f9a505b71a1c1ee1c3f28d75c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 024263389e154e588fe3480ccbfe8723 |
| SHA1 | 7441ec4cdd52181aaf8ee110440c19cd2a816a7f |
| SHA256 | e949e5a146741de80f7a5d9f4d013fa18320c218691041f3a738d148fae325a0 |
| SHA512 | 0384aedfefef579d83a2121c1190f0f7132be09b596bc9419a7de6a0b7b4d4c206c0588488de68fe6f7ebc8cf90e139cad475437ddb385b989bb1cccf70937b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 12c7a0d90fafd1160c5033aedc052a00 |
| SHA1 | 5e09e713184edd80fe6e818d1c42e874e5f06fe8 |
| SHA256 | 9e7674027357242d90204662023713a61855589a1f34d65d43a8908f93a6937e |
| SHA512 | def4536898b47718c3b6c477da0035bbe1685fad69508e05b867736393b725e2442ba4b16701aed2342cc06b7b032c3118bdb54e7261ec4edc0b0029f93a582b |