Malware Analysis Report

2024-10-24 17:05

Sample ID 240202-btgzxachhn
Target Aquatic V4.rar
SHA256 5b6439523658efc8db954fa38b37ac1a5f145eaecbb45feecec21363c602dabf
Tags pyinstaller crealstealer spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

5b6439523658efc8db954fa38b37ac1a5f145eaecbb45feecec21363c602dabf

Threat Level: Known bad

The file Aquatic V4.rar was found to be: Known bad.

Malicious Activity Summary

pyinstaller crealstealer spyware stealer

Crealstealer family

An infostealer written in Python and packaged with PyInstaller.

Executes dropped EXE

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-02 01:26

Signatures

Crealstealer family

crealstealer

An infostealer written in Python and packaged with PyInstaller.

Description Indicator Process Target
N/A N/A N/A N/A

Detects Pyinstaller

pyinstaller

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-02 01:26

Reported

2024-02-02 01:29

Platform

win10v2004-20231215-en

Max time kernel

142s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Creal.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Creal.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-02 01:26

Reported

2024-02-02 01:29

Platform

win10v2004-20231215-en

Max time kernel

120s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aquatic V4.exe C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aquatic V4.exe C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe
PID 872 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe
PID 5056 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe C:\Windows\system32\cmd.exe
PID 5056 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe C:\Windows\system32\cmd.exe
PID 3128 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 3128 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4436 wrote to memory of 3524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 4644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4436 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\AppData\Local\Temp\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd584046f8,0x7ffd58404708,0x7ffd58404718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9707104807358789079,13933815681482716261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aquatic V4.rar"

C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic Info.txt
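
What to pull out of this flattened list: the dropped executable running from the user's Downloads and Temp folders, the pairs of consecutive entries for that same image, and the cmd.exe /c "tasklist" chain behind the "Enumerates processes with tasklist" signature. The Edge, identity_helper, CompPkgSrv, rundll32 and 7-Zip entries are the sandbox's own browser session and archive handling. The report prints only image and command line, with no process or parent IDs. The Python helper below is an added example, not part of the report or of the sandbox's signatures: it parses a constructed subset of the list above into image/command-line pairs and applies those three checks. Treating an adjacent duplicate image as the PyInstaller onefile bootloader re-launching itself is a labelled heuristic; with EDR telemetry that carries parent PIDs you would key on those instead.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the image / command-line pairs listed above,
# in the order the report prints them (the report itself carries no PIDs).
SAMPLE_PROCESS_LIST = r"""
C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe

"C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic V4.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Aquatic V4\Aquatic V4\Aquatic Info.txt
"""

# Paths an unprivileged user can write to; a binary executing from here rather
# than from Program Files or System32 is the first thing to look at.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(appdata\\local\\temp|downloads)\\", re.I)


def parse_process_list(text: str) -> List[Tuple[str, str]]:
    """Turn the report's flattened 'image / command line' layout into pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image and command-line lines")
    return list(zip(lines[0::2], lines[1::2]))


def triage(pairs: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Flag the behaviours the report's signatures describe for this sample."""
    findings: Dict[str, List[str]] = {
        "user_writable_exec": [],   # image launched from Temp or Downloads
        "self_relaunch": [],        # same user-dir image listed twice in a row
        "process_discovery": [],    # tasklist, directly or via cmd.exe /c
    }
    prev_image = ""
    for image, cmdline in pairs:
        low = image.lower()
        if USER_WRITABLE.match(low):
            findings["user_writable_exec"].append(image)
            # Heuristic (assumption): an adjacent duplicate entry in the flat
            # list is the PyInstaller onefile bootloader spawning itself as a
            # child after unpacking to %TEMP%\_MEI<pid>. Confirm with parent
            # PIDs when the telemetry has them.
            if prev_image.lower() == low:
                findings["self_relaunch"].append(image)
        if low.endswith("\\cmd.exe") and re.search(r"\btasklist\b", cmdline, re.I):
            findings["process_discovery"].append(cmdline)
        elif low.endswith("\\tasklist.exe"):
            findings["process_discovery"].append(cmdline)
        prev_image = image
    return findings


if __name__ == "__main__":
    for key, hits in triage(parse_process_list(SAMPLE_PROCESS_LIST)).items():
        print(f"{key}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

On the sample this reports two user-writable executions, one self-relaunch and two process-discovery hits (the cmd.exe wrapper and tasklist.exe itself). The same pairing logic works on the full list above; the Edge and CompPkgSrv entries fall through every rule.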

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
US 8.8.8.8:53 api.ipify.org udp
US 64.185.227.156:443 api.ipify.org tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 geolocation-db.com udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 8.8.8.8:53 store8.gofile.io udp
US 206.168.191.31:443 store8.gofile.io tcp
US 8.8.8.8:53 156.227.185.64.in-addr.arpa udp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 31.191.168.206.in-addr.arpa udp
US 8.8.8.8:53 253.102.89.159.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 64.185.227.156:443 api.ipify.org tcp
US 162.159.128.233:443 discord.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 store9.gofile.io udp
US 206.168.190.239:443 store9.gofile.io tcp
US 8.8.8.8:53 239.190.168.206.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 64.185.227.156:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 64.185.227.156:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 easyupload.io udp
US 172.67.71.25:80 easyupload.io tcp
US 172.67.71.25:80 easyupload.io tcp
US 172.67.71.25:443 easyupload.io tcp
US 8.8.8.8:53 25.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 cnt.trvdp.com udp
BE 13.225.239.77:443 cnt.trvdp.com tcp
BE 13.225.239.77:443 cnt.trvdp.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 cdn.adapex.io udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.66:443 securepubads.g.doubleclick.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.21.234.177:443 cdn.adapex.io tcp
FR 142.250.74.228:443 www.google.com tcp
BE 74.125.206.154:443 stats.g.doubleclick.net tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
FR 142.250.179.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 77.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 177.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 228.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 18.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
FR 172.217.18.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ssc.33across.com udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 cat.hbwrapper.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 p2.gcprivacy.com udp
US 8.8.8.8:53 cloudflare.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 34.149.20.76:443 ssc.33across.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 192.241.157.60:443 cat.hbwrapper.com tcp
US 192.241.157.60:443 cat.hbwrapper.com tcp
IE 54.229.26.69:443 g2.gumgum.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 3.216.69.133:443 p2.gcprivacy.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 104.16.133.229:443 cloudflare.com tcp
BE 13.225.21.72:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
IE 54.171.53.169:443 ads.yieldmo.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
DE 35.157.111.144:443 btlr.sharethrough.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
NL 213.19.162.31:443 fastlane.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
IE 34.246.66.7:443 ice.360yield.com tcp
NL 35.214.184.7:443 grid.bidswitch.net tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
FR 172.217.18.206:443 fundingchoicesmessages.google.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 secure.quantserve.com udp
BE 13.225.239.28:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
DE 91.228.74.159:443 secure.quantserve.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
BE 13.225.239.28:443 tags.crwdcntrl.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
GB 2.19.152.155:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
BE 13.225.239.8:443 rules.quantcount.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
IE 34.252.106.18:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 69.26.229.54.in-addr.arpa udp
US 8.8.8.8:53 76.20.149.34.in-addr.arpa udp
US 8.8.8.8:53 229.133.16.104.in-addr.arpa udp
US 8.8.8.8:53 104.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.21.225.13.in-addr.arpa udp
US 8.8.8.8:53 133.69.216.3.in-addr.arpa udp
US 8.8.8.8:53 60.157.241.192.in-addr.arpa udp
US 8.8.8.8:53 198.10.67.172.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 169.53.171.54.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 31.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 144.111.157.35.in-addr.arpa udp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 7.184.214.35.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 7.66.246.34.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 28.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.152.19.2.in-addr.arpa udp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 172.67.71.25:443 easyupload.io tcp
US 8.8.8.8:53 stg.truvidplayer.com udp
BE 13.225.239.33:443 stg.truvidplayer.com tcp
BE 13.225.239.33:443 stg.truvidplayer.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
US 8.8.8.8:53 8.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.106.252.34.in-addr.arpa udp
US 8.8.8.8:53 210.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 33.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 s.trvdp.com udp
IE 18.66.171.81:443 s.trvdp.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 rt.ad-score.com udp
US 35.208.216.174:443 rt.ad-score.com tcp
US 35.208.216.174:443 rt.ad-score.com tcp
US 8.8.8.8:53 81.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 174.216.208.35.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
BE 13.225.21.20:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
NL 185.89.211.116:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
NL 35.214.184.7:443 grid.bidswitch.net tcp
US 8.8.8.8:53 p.gcprivacy.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 104.18.36.155:443 htlb.casalemedia.com tcp
IE 54.171.53.169:443 ads.yieldmo.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
NL 213.19.162.31:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 pbs.optidigital.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 213.19.162.31:443 fastlane.rubiconproject.com tcp
NL 213.19.162.31:443 fastlane.rubiconproject.com tcp
IE 54.229.26.69:443 g2.gumgum.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
IE 108.129.62.164:443 ad.360yield.com tcp
BE 13.225.239.108:443 p.gcprivacy.com tcp
US 34.160.72.119:443 pbs.optidigital.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.120:443 id5-sync.com tcp
US 8.8.8.8:53 20.21.225.13.in-addr.arpa udp
US 8.8.8.8:53 119.72.160.34.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 164.62.129.108.in-addr.arpa udp
US 8.8.8.8:53 108.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 aggle.net udp
US 3.33.163.81:443 aggle.net tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 37daf7f5ea6fb537cfe135907a35e2fe.safeframe.googlesyndication.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 at.teads.tv udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
FR 172.217.20.193:443 37daf7f5ea6fb537cfe135907a35e2fe.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
GB 2.17.149.102:443 at.teads.tv tcp
NL 131.153.158.209:443 id.a-mx.com tcp
US 34.194.87.253:443 idx.liadm.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
IE 99.80.224.8:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 dnacdn.net udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 scripts.opti-digital.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 csync.smilewanted.com udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 dcdn.adnxs.com udp
US 151.101.1.108:443 dcdn.adnxs.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
FR 172.217.20.194:443 www.googletagservices.com tcp
US 151.101.1.108:443 dcdn.adnxs.com tcp
US 104.18.3.52:443 scripts.opti-digital.com tcp
GB 96.16.108.246:443 acdn.adnxs.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
FR 142.250.74.228:443 www.google.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 a.usbrowserspeed.com udp
US 8.8.8.8:53 pxdrop.lijit.com udp
GB 2.18.63.39:443 pxdrop.lijit.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 54.200.128.140:443 a.usbrowserspeed.com tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 81.163.33.3.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 102.149.17.2.in-addr.arpa udp
US 8.8.8.8:53 37.223.94.52.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 209.158.153.131.in-addr.arpa udp
US 8.8.8.8:53 8.224.80.99.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 253.87.194.34.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 54.200.128.140:443 a.usbrowserspeed.com tcp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 52.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 246.108.16.96.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 choices.trustarc.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
GB 92.123.128.167:443 www.bing.com tcp
BE 13.225.239.95:443 choices.trustarc.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 8.8.8.8:53 39.63.18.2.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 140.128.200.54.in-addr.arpa udp
US 8.8.8.8:53 95.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 eu4.easyupload.io udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
FR 51.178.66.33:443 api.gofile.io tcp
US 64.185.227.156:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 8.8.8.8:53 store3.gofile.io udp
US 136.175.10.233:443 store3.gofile.io tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 233.10.175.136.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 64.185.227.156:443 api.ipify.org tcp
US 162.159.128.233:443 discord.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 136.175.10.233:443 store3.gofile.io tcp
US 64.185.227.156:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 64.185.227.156:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
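
Most of the rows above are browser noise from the Edge session (ad-tech, bing.com, CDN assets) plus PTR lookups under in-addr.arpa. The stealer-related traffic is the repeating cycle of api.ipify.org (own public IP), geolocation-db.com, api.gofile.io with a storeN.gofile.io upload host, easyupload.io, and bursts of HTTPS sessions to discord.com; that is what the "Looks up external IP address via web service" and "Legitimate hosting services abused for malware hosting/C2" signatures refer to. Every one of those hosts is a legitimate service, so blocking them outright is not an option for most environments: the detection is the combination, ideally tied to a non-browser process. The report does not attribute flows to processes, so the example below works from the table rows alone. It is an added example, not the report's or the sandbox's code: it parses a constructed subset of the rows above, buckets each row by destination category, and flags the recon-then-upload shape. The category list is taken from the hosts in this report and is an assumption for any other sample.

```python
from typing import Dict, List, NamedTuple, Optional


class Flow(NamedTuple):
    country: str
    dst: str              # ip:port
    domain: Optional[str]
    proto: str


# Constructed sample: rows copied from the Network table above, not the whole table.
SAMPLE_ROWS = """\
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
US 8.8.8.8:53 api.ipify.org udp
US 64.185.227.156:443 api.ipify.org tcp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 geolocation-db.com udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 206.168.191.31:443 store8.gofile.io tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
NL 52.142.223.178:80 tcp
GB 92.123.128.167:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
US 136.175.10.233:443 store3.gofile.io tcp
"""

# Hosts this report ties to the stealer (assumption for other samples). All are
# legitimate services; the signal is the combination, not any one host.
STEALER_INFRA = {
    "external_ip_lookup": ("api.ipify.org",),
    "geolocation": ("geolocation-db.com",),
    "file_hosting": ("gofile.io", "easyupload.io"),
    "discord": ("discord.com",),
}


def parse_rows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dst, domain, proto = parts
        elif len(parts) == 3:            # rows with no resolved name
            country, dst, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        flows.append(Flow(country, dst, domain, proto))
    return flows


def categorize(domain: Optional[str]) -> str:
    if domain is None:
        return "no_domain"
    host = domain.lower()
    if host.endswith(".in-addr.arpa"):
        return "reverse_dns"          # PTR lookups the OS/sandbox issues, not C2
    for cat, bases in STEALER_INFRA.items():
        if any(host == b or host.endswith("." + b) for b in bases):
            return cat
    return "other"


def tally(flows: List[Flow]) -> Dict[str, dict]:
    """Per category: DNS lookups, actual connections, and the hosts involved."""
    out: Dict[str, dict] = {}
    for f in flows:
        entry = out.setdefault(categorize(f.domain),
                               {"dns_lookups": 0, "connections": 0, "hosts": set()})
        entry["dns_lookups" if f.dst.endswith(":53") else "connections"] += 1
        if f.domain:
            entry["hosts"].add(f.domain.lower())
    return out


def stealer_hosts(flows: List[Flow]) -> List[str]:
    return sorted({f.domain.lower() for f in flows
                   if f.domain and categorize(f.domain) in STEALER_INFRA})


def looks_like_stealer_beacon(t: Dict[str, dict]) -> bool:
    """Recon (own public IP) plus an upload channel is the shape to alert on."""
    recon = t.get("external_ip_lookup", {}).get("connections", 0) > 0
    exfil = any(t.get(c, {}).get("connections", 0) > 0
                for c in ("file_hosting", "discord"))
    return recon and exfil


if __name__ == "__main__":
    flows = parse_rows(SAMPLE_ROWS)
    for cat, e in tally(flows).items():
        print(f"{cat:20} dns={e['dns_lookups']:2} conn={e['connections']:2} {sorted(e['hosts'])}")
    print("stealer-like:", looks_like_stealer_beacon(tally(flows)))
```

Run against the full table the same way: the ad-tech and CDN rows land in "other", the PTR lookups in "reverse_dns", and the stealer hosts separate out cleanly. If your proxy or EDR logs carry the originating process, add that as a condition; an ipify lookup from a browser tab is routine, one from an executable in Downloads is not.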

Files
