Malware Analysis Report

2024-11-15 05:58

Sample ID 240404-tf8vkscf45
Target https://file.io/V90fz4A5z12x
Tags
rhadamanthys persistence pyinstaller stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://file.io/V90fz4A5z12x was found to be: Known bad.

Malicious Activity Summary

rhadamanthys persistence pyinstaller stealer upx

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Checks computer location settings

UPX packed file

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Detects Pyinstaller

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-04 16:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 16:01

Reported

2024-04-04 16:03

Platform

win10v2004-20240226-en

Max time kernel

117s

Max time network

114s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 968 created 2888 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Windows\system32\sihost.exe
PID 5684 created 2888 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Windows\system32\sihost.exe
PID 1008 created 2888 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Windows\system32\sihost.exe

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Eclipse RAT\crack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\explorer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\explorer.exe" C:\Users\Admin\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\Downloads\\Eclipse RAT\\explorer.exe" C:\Users\Admin\AppData\Roaming\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\Downloads\\Eclipse RAT\\explorer.exe" C:\Users\Admin\AppData\Roaming\explorer.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders C:\Windows\System32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1852 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/V90fz4A5z12x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f42846f8,0x7ff8f4284708,0x7ff8f4284718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6984 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410 0x3ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10460 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Eclipse RAT\" -ad -an -ai#7zMap14102:84:7zEvent31216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1

C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe

"C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHQAYQBzACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGUAbQBmACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcARQByAHIAbwByACEAIABMAGkAYwBlAG4AcwBlACAAaABhAHMAIABlAHgAcABpAHIAZQBkAC4AIABDAG8AbgB0AGEAYwB0ACAAdQBzACAAdgBpAGEAIAB0AGUAbABlAGcAcgBhAG0AIABnAHIAbwB1AHAAIAB0AG8AIABwAHUAcgBjAGgAYQBzAGUAIAAvACAAZwBlAHQAIABmAHIAZQBlACAAdAByAGkAYQBsACAAdgBlAHIAcwBpAG8AbgAhACcALAAnACcALAAnAE8ASwAnACwAJwBFAHIAcgBvAHIAJwApADwAIwBmAHoAeAAjAD4A"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGoAZABtACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHMAbgBzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHQAYwB5ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGEAZgBnACMAPgA="

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\activate.bat

C:\Windows\system32\taskkill.exe

taskkill /f /im "explorer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Eclipse RAT\crack.exe

"C:\Users\Admin\Downloads\Eclipse RAT\crack.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGkAdAB1ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGkAZAB4ACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcARQByAHIAbwByACEAIABMAGkAYwBlAG4AcwBlACAAaABhAHMAIABlAHgAcABpAHIAZQBkAC4AIABDAG8AbgB0AGEAYwB0ACAAdQBzACAAdgBpAGEAIAB0AGUAbABlAGcAcgBhAG0AIABnAHIAbwB1AHAAIAB0AG8AIABwAHUAcgBjAGgAYQBzAGUAIAAvACAAZwBlAHQAIABmAHIAZQBlACAAdAByAGkAYQBsACAAdgBlAHIAcwBpAG8AbgAhACcALAAnACcALAAnAE8ASwAnACwAJwBFAHIAcgBvAHIAJwApADwAIwBwAG0AZAAjAD4A"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGsAdwBmACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHkAZQBnACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGEAdQB2ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGgAegBlACMAPgA="

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7075614163831770538,1134041347545782405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1

C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe

"C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHQAYQBzACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGUAbQBmACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcARQByAHIAbwByACEAIABMAGkAYwBlAG4AcwBlACAAaABhAHMAIABlAHgAcABpAHIAZQBkAC4AIABDAG8AbgB0AGEAYwB0ACAAdQBzACAAdgBpAGEAIAB0AGUAbABlAGcAcgBhAG0AIABnAHIAbwB1AHAAIAB0AG8AIABwAHUAcgBjAGgAYQBzAGUAIAAvACAAZwBlAHQAIABmAHIAZQBlACAAdAByAGkAYQBsACAAdgBlAHIAcwBpAG8AbgAhACcALAAnACcALAAnAE8ASwAnACwAJwBFAHIAcgBvAHIAJwApADwAIwBmAHoAeAAjAD4A"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGoAZABtACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHMAbgBzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHQAYwB5ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGEAZgBnACMAPgA="

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Users\Admin\AppData\Roaming\explorer.exe

"C:\Users\Admin\AppData\Roaming\explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.file.io udp
NL 18.239.94.43:443 www.file.io tcp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 218.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 42.3.101.151.in-addr.arpa udp
US 151.101.3.42:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 104.22.46.142:443 hb.vntsm.io tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 www.google.co.uk udp
BE 142.251.173.157:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.169.3:443 www.google.co.uk tcp
BE 142.251.173.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.46.22.104.in-addr.arpa udp
US 8.8.8.8:53 178.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
NL 18.65.39.71:443 cdn.exelator.com tcp
NL 18.239.83.15:443 cmp.quantcast.com tcp
NL 18.239.70.203:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cmp.inmobi.com udp
NL 18.239.36.2:443 cmp.inmobi.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 mydmp.exelator.com udp
NL 18.238.243.129:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
IE 34.254.143.3:443 mydmp.exelator.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 8.8.8.8:53 load77.exelator.com udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 44.215.78.50:443 onsite-tag-logs.apps.nielsen.com tcp
IE 87.249.137.2:443 load77.exelator.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
GB 104.86.110.209:80 apps.identrust.com tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
GB 104.86.110.209:80 apps.identrust.com tcp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 71.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 15.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 203.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 2.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 129.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 3.143.254.34.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 2.137.249.87.in-addr.arpa udp
DE 18.159.154.206:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 50.78.215.44.in-addr.arpa udp
US 8.8.8.8:53 209.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 206.154.159.18.in-addr.arpa udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
DE 37.252.173.215:443 secure.adnxs.com tcp
US 172.67.23.234:443 ids.ad.gt tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
NL 81.17.55.172:443 sync.smartadserver.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 p.cpx.to udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 secure.quantserve.com udp
US 104.22.4.69:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 id5-sync.com udp
IE 52.30.187.129:443 p.cpx.to tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 91.228.74.244:443 secure.quantserve.com tcp
US 8.8.8.8:53 pixels.ad.gt udp
DE 162.19.138.120:443 id5-sync.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 rules.quantcount.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NL 18.239.50.73:443 rules.quantcount.com tcp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 129.187.30.52.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 73.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 cdn.edkt.io udp
NL 18.239.68.199:443 aax.amazon-adsystem.com tcp
US 34.120.111.33:443 cdn.edkt.io tcp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
DE 18.192.77.154:443 btlr.sharethrough.com tcp
DE 18.192.77.154:443 btlr.sharethrough.com tcp
DE 18.192.77.154:443 btlr.sharethrough.com tcp
DE 18.192.77.154:443 btlr.sharethrough.com tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 5.135.209.97:443 prg.smartadserver.com tcp
FR 5.135.209.97:443 prg.smartadserver.com tcp
IE 108.128.16.222:443 s.cpx.to tcp
US 34.95.69.49:443 i.clean.gg udp
IE 52.18.58.124:443 track.venatusmedia.com tcp
US 172.67.75.241:443 script.4dex.io tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 api.edkt.io udp
US 34.120.111.33:443 api.edkt.io tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 f92f32db6d27316ca9bfd440b3abeae6.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tg1.aniview.com udp
GB 142.250.187.193:443 f92f32db6d27316ca9bfd440b3abeae6.safeframe.googlesyndication.com tcp
GB 2.23.161.247:443 tg1.aniview.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 feed.avplayer.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 96.46.186.186:443 track4.aniview.com tcp
GB 104.86.110.16:443 player.avplayer.com tcp
GB 92.122.154.104:443 feed.avplayer.com tcp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 199.68.239.18.in-addr.arpa udp
US 8.8.8.8:53 33.111.120.34.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 78.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 154.77.192.18.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 97.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 222.16.128.108.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 124.58.18.52.in-addr.arpa udp
US 8.8.8.8:53 74.122.95.52.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 247.161.23.2.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 8.8.8.8:53 cdn1.vntsm.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
BE 64.233.184.157:443 bid.g.doubleclick.net tcp
GB 142.250.200.36:443 www.google.com tcp
FR 143.244.56.49:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 st.pubmatic.com udp
GB 2.23.160.192:443 ads.pubmatic.com tcp
GB 142.250.200.36:443 www.google.com udp
NL 185.64.189.221:443 st.pubmatic.com tcp
GB 104.86.110.16:443 player.avplayer.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 play.aniview.com udp
US 8.8.8.8:53 simage4.pubmatic.com udp
GB 104.86.110.33:443 content1.avplayer.com tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
GB 2.23.161.247:443 play.aniview.com tcp
US 8.8.8.8:53 16.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 104.154.122.92.in-addr.arpa udp
US 8.8.8.8:53 186.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 49.56.244.143.in-addr.arpa udp
US 8.8.8.8:53 192.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 221.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 33.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 go1.aniview.com udp
US 173.0.146.6:443 go1.aniview.com tcp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 6.146.0.173.in-addr.arpa udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ap.lijit.com udp
NL 154.57.158.26:443 ads.stickyadstv.com tcp
NL 154.57.158.26:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
IE 34.250.113.227:443 ap.lijit.com tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
GB 104.86.110.33:443 content1.avplayer.com udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 ssp.disqus.com udp
FR 51.178.195.212:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 3.223.218.208:443 ssp.disqus.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 34.98.64.218:443 u.openx.net tcp
DE 51.38.120.206:443 onetag-sys.com tcp
IE 34.250.113.227:443 ap.lijit.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 3.223.218.208:443 ssp.disqus.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.98.64.218:443 u.openx.net tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 s2s.aniview.com udp
US 8.8.8.8:53 gum.criteo.com udp
GB 104.86.110.33:443 content1.avplayer.com tcp
GB 104.86.110.33:443 content1.avplayer.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api.rlcdn.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 96.46.186.176:443 s2s.aniview.com tcp
US 96.46.186.176:443 s2s.aniview.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 54.157.225.250:443 sync.srv.stackadapt.com tcp
US 74.121.140.211:443 sync.mathtag.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 52.57.233.5:443 optimized-by.rubiconproject.com tcp
US 8.8.8.8:53 26.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 212.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 74.121.140.211:443 sync.mathtag.com tcp
US 54.157.225.250:443 sync.srv.stackadapt.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 3.77.194.54:443 match.sharethrough.com tcp
DE 3.77.194.54:443 match.sharethrough.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 assets.a-mo.net udp
US 96.46.186.182:443 sync.aniview.com tcp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
DE 3.77.194.54:443 match.sharethrough.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 34.98.64.218:443 u.openx.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 dnacdn.net udp
GB 2.22.5.61:443 eus.rubiconproject.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 227.113.250.34.in-addr.arpa udp
US 8.8.8.8:53 208.218.223.3.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 176.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 5.233.57.52.in-addr.arpa udp
US 8.8.8.8:53 250.225.157.54.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 54.194.77.3.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
DE 51.38.120.206:443 onetag-sys.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 96.46.186.182:443 sync.aniview.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 81.17.55.109:443 ssbsync-global.smartadserver.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 18.239.94.92:443 s.ad.smaato.net tcp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
DE 3.64.107.104:443 rtb.mfadsrvr.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 b1sync.zemanta.com udp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
NL 18.239.50.45:443 api-2-0.spot.im tcp
IE 52.19.105.29:443 match.prod.bidr.io tcp
US 64.202.112.255:443 b1sync.zemanta.com tcp
US 64.202.112.255:443 b1sync.zemanta.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.229.219:443 csync.loopme.me tcp
IE 52.17.239.25:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 18.65.39.129:443 public.servenobid.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 61.5.22.2.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 109.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 92.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 104.107.64.3.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 45.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 29.105.19.52.in-addr.arpa udp
US 8.8.8.8:53 25.239.17.52.in-addr.arpa udp
US 8.8.8.8:53 255.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 129.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 35.173.144.25:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.67:443 bttrack.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 track1.avplayer.com udp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 96.46.186.15:443 track1.avplayer.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 25.144.173.35.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 15.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 g2.gumgum.com udp
IE 34.240.94.244:443 g2.gumgum.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
PH 142.251.221.35:443 csi.gstatic.com tcp
PH 142.251.221.35:443 csi.gstatic.com tcp
PH 142.251.221.35:443 csi.gstatic.com tcp
PH 142.251.221.35:443 csi.gstatic.com tcp
GB 142.250.187.226:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 ssp-sync.criteo.com udp
PH 142.251.221.35:443 csi.gstatic.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 wt.rqtrk.eu udp
DE 57.129.18.113:443 wt.rqtrk.eu tcp
PH 142.251.221.35:443 csi.gstatic.com tcp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 244.94.240.34.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 35.221.251.142.in-addr.arpa udp
US 8.8.8.8:53 113.18.129.57.in-addr.arpa udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
US 8.43.72.98:443 pixel-us-east.rubiconproject.com tcp
PH 142.251.221.35:443 csi.gstatic.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 cs-rtb.minutemedia-prebid.com udp
NL 18.239.18.13:443 cs-rtb.minutemedia-prebid.com tcp
US 8.8.8.8:53 98.72.43.8.in-addr.arpa udp
US 8.8.8.8:53 sync.adkernel.com udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 cdn.dxkulture.com udp
US 172.64.145.29:443 cdn.dxkulture.com tcp
US 8.8.8.8:53 13.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 rcp.c.appier.net udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 ads.servenobid.com udp
JP 172.105.203.31:443 rcp.c.appier.net tcp
US 8.8.8.8:53 live.primis.tech udp
IE 34.254.25.105:443 ads.servenobid.com tcp
NL 108.156.60.65:443 live.primis.tech tcp
US 8.8.8.8:53 ce.lijit.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
JP 172.105.203.31:443 rcp.c.appier.net tcp
US 8.8.8.8:53 hbx.media.net udp
IE 54.154.92.191:443 ce.lijit.com tcp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 65.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 105.25.254.34.in-addr.arpa udp
GB 2.23.160.20:443 hbx.media.net tcp
DE 162.19.138.120:443 id5-sync.com tcp
US 8.8.8.8:53 c1.adform.net udp
DK 37.157.6.254:443 c1.adform.net tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 31.203.105.172.in-addr.arpa udp
US 8.8.8.8:53 20.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 191.92.154.54.in-addr.arpa udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 ads.dxkulture.com udp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 45.55.126.71:443 ads.dxkulture.com tcp
US 8.8.8.8:53 tg.socdm.com udp
JP 124.146.153.162:443 tg.socdm.com tcp
JP 124.146.153.162:443 tg.socdm.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 54.157.225.250:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 169.197.150.8:443 match.deepintent.com tcp
US 169.197.150.8:443 match.deepintent.com tcp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 52.72.254.203:443 sync.ipredictive.com tcp
IE 54.77.123.65:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 71.126.55.45.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 162.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 8.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 196.205.247.34.in-addr.arpa udp
US 8.8.8.8:53 203.254.72.52.in-addr.arpa udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 35.186.253.211:443 rtb.openx.net tcp
US 34.111.113.62:443 pixel.tapad.com udp
US 8.8.8.8:53 sync.ex.co udp
US 35.186.253.211:443 rtb.openx.net udp
US 34.224.42.209:443 sync.ex.co tcp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 209.42.224.34.in-addr.arpa udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.3.20:443 cm.adform.net tcp
US 8.8.8.8:53 57.162.23.2.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.34.16.2.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 www.file.io udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
FR 185.86.139.116:443 prg.smartadserver.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.169.3:443 www.google.co.uk udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 st.pubmatic.com udp
US 8.8.8.8:53 116.139.86.185.in-addr.arpa udp
GB 142.250.200.36:443 www.google.com udp
GB 104.86.110.113:443 www.bing.com tcp
US 8.8.8.8:53 113.110.86.104.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com udp
GB 216.58.204.74:443 imasdk.googleapis.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1b45169ebca0dceadb0f45697799d62
SHA1 803604277318898e6f5c6fb92270ca83b5609cd5
SHA256 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

\??\pipe\LOCAL\crashpad_1852_BWSTSYCQJURKBJXI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9ffb5f81e8eccd0963c46cbfea1abc20
SHA1 a02a610afd3543de215565bc488a4343bb5c1a59
SHA256 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA512 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27d58eddb54877fbef27457afb067271
SHA1 96ddf544667a85043abf616fe04b6b4eabb388c6
SHA256 27ccbfad05ca880b964c7499c96723d445eea52cd65b3e56c0206cc48003529f
SHA512 885d1ea6cc105eeeab75611f2593866cf8403594084ab564dcbc72fc23c9fa7fe176f28d189e6444993bb9dbb8c80aa455fe6fec15b3e5c6c1a14a6e6d867a8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dded7addc02129b3d15094e9004c7ca2
SHA1 3167ee07abf5f28d615eb089b5ccf4a3f096e3a1
SHA256 a2595a54be3e4d05d3e49b0acf0b97d05c3b9b9eb96904447eaec690b719caf1
SHA512 0bd4d98df1ca247f3025aa7958d1658ca95f073627057b3fafb2263222d5688ec42e815c7d815cd60d8c0e9bc8258b4dbba20c517280f5af523458d5f8d7a8d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 95294f3c09adea681206f88fc36c7916
SHA1 9667b2003cbf2a4f13fa5978d4df96ac6ea075f1
SHA256 c1b9a5731fe5a54f582016dd82b53bfca3d85b6dc8c006b889006010d01ae801
SHA512 f63b8c5289b001aa83bd19a6b1cbadffed9d0a046e14e22b0f821a0299bd540bd36c065a7cce2d66fe1b13b7c9ae7a129831e2d6375c739955df68c270d25f26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 4322f0449af173fb3994d2bef7ecb2e4
SHA1 b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934
SHA256 0502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9
SHA512 d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 f956edde726a7fcfeb3719374e05ae21
SHA1 2621a5d035cdf56c2e762cdddcd7ba4147afb46e
SHA256 189fe4b4e8fe5d24df4abded9d160251dec0dc80046ea08edec3d716c0f094e0
SHA512 4dbb6f109f4b5aaca90fd9d898ebea16124065822c7e451ee47ab0f62f18427427817fca5ecc5feb394c3697d3b21ad66dbc4765d69cda227d9f233fbcb8ad14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40d0f8aa917c8f293288f2d7245d0649
SHA1 1db8f2519aabe8e12f082408cd29c65c6407cf22
SHA256 ed26ab2c89099afb8658b62d4c6ee16f191fe4d2ce82b77bf664bb3b5b56ecd0
SHA512 ac4651427cee8b6a38211debd33e745e2e054a561c7a1288245d0e9e901e910f494170df28b5c6d0003e33744f5584bd939dc6d739e04c0aa5d7202534f0f0be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a93f18510627e0fe74e66988d8b6df5d
SHA1 280d5bbf1dacf4bd09414b2bd6675495e54c945a
SHA256 c8d78cdbc5053baed992507b6aa4a5543037bccd2cd516f40c8c7d5ec8f29f00
SHA512 d5f355411f1e5982f0d99f5061da6261170cd7ca2cd8590062ace600b387be48bfb4d8dcb43c80555a9b89c65658c1d498a92ed5222d80b145cf89ec0e80aa74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578ef2.TMP

MD5 38536ee08c4523ce180a353bade5f0dd
SHA1 aaebdd3f6d666c1f382622155dd0541b50bb6cb2
SHA256 f2a54092997469f0731eb93c9e91694c163c7b5dc82d0db93b3e5247d4be91bb
SHA512 64ab68232990ff141e8ab968414dbd565b5bd22513517c65804b1f4672fc64235392f2894d27718994a0969a76af4d19ed91817fa917ae5c099d9154930ec7af

C:\Users\Admin\Downloads\Unconfirmed 47957.crdownload

MD5 c96630864da44a58d788cea48868142b
SHA1 30af27c3cdc28b7e812581ea315041d986f72efc
SHA256 c42173527d3da78f3bc2fb45dd1b37a1c017696868d354a807e283266dddfee8
SHA512 b0a3bc7b25843bc489c61acc7d31f787cb9a5de67ce09867b09960b0593e56557e951d7021dd6a6b30f20985bc64cf1050ce05e8d2a2ca00feb0344b8a9a928f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0

MD5 5f8538a4c96496a08cbef532c5b0b853
SHA1 f63f4dbc1c578d43801f516a131e40b69157ed9b
SHA256 edff87a04b1982d56adb6e79d3c2c527925988d7ef3a2ed838b51ae00def7c23
SHA512 05aaacba64365dd942a48a981babb8e7571b8215c3ebea6117c57487eb7c5f1d3c9ff0d1586d888614a7c8a90713e1789fab7349fdbd51973013d73c6866fc80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be64860990a3c9f9a86a42230514a913
SHA1 6876c1fbcbbc014fe0dfb6feb64f0e06caed59ad
SHA256 6622cb9f2fbf9cb4387c4c08e7deb9f0f9df56d9c172e8472fd2947fa0a96256
SHA512 1051f4d682c2f7a8ea07891c33ceb840f3d7d2d868ca9945c483d7c2cd9a76dc6ad09e5e1d125330c5fe49d02022281e3766f26c46ed5afcf2e5861fa51e70cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7959d67fc58d2f4fe03d4649f6097e43
SHA1 08afb41ea3b8e0c7ab005f435d7cac3699be0224
SHA256 99beac05b48d243318e199cae9756f0ab237314b885dd00e195897e92f19d8ee
SHA512 631c6a8e0e5d798327578e7de2b95555b519e5dc5768ea36a8bbee5ab4fa3a1d3863a49dab8f106103d5a04e6e433d24925030a4eb3877007587f4ac829f9c5a

C:\Users\Admin\Downloads\Eclipse RAT\Eclipse.exe

MD5 12004ffe642ec0361cd3d4a8172d41ce
SHA1 a1663cd6053e0887aaa9c975f54b7f7c2fe46944
SHA256 468c505bb1633c5e3f810884c1d1a68f328c656acd95d0fe3fe6663a96995b56
SHA512 5ab7201f7202cb242037000b98e70f507055d702bb96c72aa2b1ff8c906df6a051643e3068685a39e31df2f8b21ab28f5e1c9902e3fefde137dc50546826b5ae

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 2ef91bf37b3da8cad6751b665bd4e6af
SHA1 5c15bbc721f91855388861d378cf9d26a140cead
SHA256 5263ecab05efc0fda51526658fdfa446f6108c009b8c2ddc9dd93ba29ea691b7
SHA512 16f1846fde3d65413d1c478b59761cb5b74c5fa4556c7234858010efc05e81e305c9054895e388e9de85f6a55d05d6ac0236ed85dcdce3b82b0a82b4986eb2a3

memory/968-553-0x00000000003E0000-0x000000000044D000-memory.dmp

C:\Users\Admin\AppData\Roaming\explorer.exe

MD5 ce453607540a4b0e0c88476042d31791
SHA1 9fe09b42424e044a7c11aea2f214a3d86de8f5a1
SHA256 9a10c5b653feff9be0898a0ae18f7479e36275896bd4482f1fec237cf9ce619c
SHA512 f0fdcd4e5fdbc03d4a3bb1eee4b69c6bf2585a609f9fc56739e9320d1072a7935ce126e7dc737ad1592f64023c3a17d0e0dd659a5d3a4ee940ca2301e81912ee

C:\Users\Admin\AppData\Local\Temp\_MEI45682\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

memory/5208-580-0x0000000004CF0000-0x0000000004D26000-memory.dmp

memory/5208-581-0x0000000074040000-0x00000000747F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI45682\python310.dll

MD5 3f782cf7874b03c1d20ed90d370f4329
SHA1 08a2b4a21092321de1dcad1bb2afb660b0fa7749
SHA256 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
SHA512 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

memory/4284-583-0x00007FF8E1780000-0x00007FF8E1BE6000-memory.dmp

memory/5208-582-0x0000000005410000-0x0000000005A38000-memory.dmp

memory/5412-590-0x0000000002660000-0x0000000002670000-memory.dmp

memory/5412-591-0x0000000002660000-0x0000000002670000-memory.dmp

memory/4284-592-0x00007FF8F49D0000-0x00007FF8F49DF000-memory.dmp

memory/5208-589-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

memory/4284-593-0x00007FF8E23A0000-0x00007FF8E23B8000-memory.dmp

memory/4284-594-0x00007FF8E1CE0000-0x00007FF8E1D0C000-memory.dmp

memory/5412-595-0x0000000074040000-0x00000000747F0000-memory.dmp

memory/4284-596-0x00007FF8E3620000-0x00007FF8E3644000-memory.dmp

memory/5412-597-0x0000000004EB0000-0x0000000004ED2000-memory.dmp

memory/5208-598-0x0000000005BE0000-0x0000000005C46000-memory.dmp

memory/5208-599-0x0000000005C50000-0x0000000005CB6000-memory.dmp

memory/5208-609-0x0000000005CC0000-0x0000000006014000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kkxw1tth.ulw.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5208-628-0x00000000062A0000-0x00000000062BE000-memory.dmp

memory/4284-629-0x00007FF8E1780000-0x00007FF8E1BE6000-memory.dmp

memory/5208-631-0x00000000063F0000-0x000000000643C000-memory.dmp

memory/7724-649-0x00007FF8EC3E0000-0x00007FF8EC846000-memory.dmp

memory/968-650-0x0000000003600000-0x0000000003A00000-memory.dmp

memory/7724-652-0x00007FF8FD700000-0x00007FF8FD724000-memory.dmp

memory/7724-653-0x00007FF8FD6F0000-0x00007FF8FD6FF000-memory.dmp

memory/968-654-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/968-657-0x0000000003600000-0x0000000003A00000-memory.dmp

memory/968-656-0x0000000075030000-0x0000000075245000-memory.dmp

memory/7724-659-0x00007FF8FD6D0000-0x00007FF8FD6E8000-memory.dmp

memory/3564-658-0x0000000000E60000-0x0000000000E69000-memory.dmp

memory/968-662-0x00000000003E0000-0x000000000044D000-memory.dmp

memory/7724-663-0x00007FF8FD6A0000-0x00007FF8FD6CC000-memory.dmp

memory/7724-660-0x00007FF8FD670000-0x00007FF8FD67D000-memory.dmp

memory/968-651-0x0000000003600000-0x0000000003A00000-memory.dmp

memory/3564-664-0x00000000029B0000-0x0000000002DB0000-memory.dmp

memory/7724-665-0x00007FF8FD680000-0x00007FF8FD699000-memory.dmp

memory/3564-666-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/3564-667-0x00000000029B0000-0x0000000002DB0000-memory.dmp

memory/3564-669-0x0000000075030000-0x0000000075245000-memory.dmp

memory/5208-670-0x0000000007830000-0x0000000007EAA000-memory.dmp

memory/5208-673-0x00000000067C0000-0x00000000067DA000-memory.dmp

memory/5412-672-0x0000000006E60000-0x0000000006E92000-memory.dmp

memory/5412-674-0x000000007F0C0000-0x000000007F0D0000-memory.dmp

memory/3564-676-0x00000000029B0000-0x0000000002DB0000-memory.dmp

memory/5208-677-0x0000000008460000-0x0000000008A04000-memory.dmp

memory/5412-675-0x0000000073C20000-0x0000000073C6C000-memory.dmp

memory/5412-687-0x0000000006380000-0x000000000639E000-memory.dmp

memory/5208-690-0x0000000007670000-0x0000000007702000-memory.dmp

memory/5412-689-0x00000000070A0000-0x0000000007143000-memory.dmp

memory/5412-688-0x0000000002660000-0x0000000002670000-memory.dmp

memory/5412-691-0x0000000007220000-0x000000000722A000-memory.dmp

memory/5412-692-0x0000000007420000-0x00000000074B6000-memory.dmp

memory/5412-693-0x00000000073C0000-0x00000000073D1000-memory.dmp

memory/5412-697-0x0000000007400000-0x000000000740E000-memory.dmp

memory/5412-698-0x00000000074C0000-0x00000000074D4000-memory.dmp

memory/5412-699-0x0000000007500000-0x000000000751A000-memory.dmp

memory/5412-700-0x00000000074E0000-0x00000000074E8000-memory.dmp

memory/5412-703-0x0000000074040000-0x00000000747F0000-memory.dmp

memory/5208-705-0x0000000074040000-0x00000000747F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b6c777d551fe02b413685351f35470c
SHA1 4e331a56ada5e42d7444d0de10d9e358328b381f
SHA256 1ce1556149d1415ef2754ef06ebf68d68dcc5f036740513a4abb6d368f429e2a
SHA512 f135120806c14cf8260257fa9302ed0ae09293f5a1a7c034829722a1af93e506bbeef9a01119a82d9f4631d5bcbd22ffd04ce1881fe367e288904705e8351316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c4e4c9deae4c995677e70588ef8df38c
SHA1 d42c013090732efeeb095e26f71e26e3f14abecb
SHA256 a50a6726c31ebf578a82ddb935bfeb1fb777737e82497f58ef0041eb18ff95d8
SHA512 ed11f7a9e4fdc900597832838509e53124ef6c81038dd61814f5f47249ea2c9e073195f64813044c1e3b17c482e86185faf13176471a8aba1788e35a1f2ff131

memory/7724-748-0x00007FF8EC3E0000-0x00007FF8EC846000-memory.dmp

memory/7724-749-0x00007FF8FD700000-0x00007FF8FD724000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 1aea0a3555e0aa11fcdf612aba960b23
SHA1 17a314540bc816ab4c0b4943fd1af3206a66b6c0
SHA256 3b82bca8b33cc0cd589bc17a94c12f6e41b4646a21659ac8e4b5e9a4a16cb513
SHA512 a57237cbd14089734c8f0495c974b9f424d06415fa99756a39e3667adad50020ea5c537b5b9081ff8135e71e529186ef6d455e2bed684fae5d3c7e281f2a3d3c

memory/5684-822-0x0000000000B30000-0x0000000000B9D000-memory.dmp

memory/7716-836-0x0000000073690000-0x0000000073E40000-memory.dmp

memory/7716-837-0x0000000004670000-0x0000000004680000-memory.dmp

memory/7716-844-0x0000000004670000-0x0000000004680000-memory.dmp

memory/3204-845-0x00007FF8E2E00000-0x00007FF8E3266000-memory.dmp

memory/8172-846-0x0000000073690000-0x0000000073E40000-memory.dmp

memory/3204-847-0x00007FF8F47F0000-0x00007FF8F4814000-memory.dmp

memory/7716-858-0x0000000005570000-0x00000000058C4000-memory.dmp

memory/8172-848-0x0000000002BF0000-0x0000000002C00000-memory.dmp

memory/3204-859-0x00007FF8F8180000-0x00007FF8F818F000-memory.dmp

memory/3204-860-0x00007FF8F4620000-0x00007FF8F464C000-memory.dmp

memory/3204-861-0x00007FF8F49D0000-0x00007FF8F49DD000-memory.dmp

memory/3204-862-0x00007FF8F47D0000-0x00007FF8F47E8000-memory.dmp

memory/5684-877-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/5684-880-0x0000000075030000-0x0000000075245000-memory.dmp

memory/6788-886-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/6788-889-0x0000000075030000-0x0000000075245000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ba006e5306355b8e8ef514d10626057
SHA1 9e50102d0b7ede76f6132163d9047781ac7763fc
SHA256 71529093e9d1eaf1a3f42f7ee2bde40a655bfe96bfcc6f46d2dd503e4bb91cb6
SHA512 7cfcac3498ad943504f5501fab2b637a0f28950928015c31d5ba53253415458e8260f641178c9fd87c97e053ae0b681303916e983fc0ceb850846737f38facd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31f61292015c32b9f0828047c4e95e87
SHA1 3972523f17e7416400a64aa7c07f45dd39157373
SHA256 936a951d8898298b8844d37928bf1e6055b96a0db69d85328eeb6556034b5e21
SHA512 00a2c3f18511a35138b8d2b9e6e24c10eb9fd3cd36ab12447f99711270630b39c16baed59901327c7a8028671919c7a59770b83713c8a909d9f2a4a83d56664d

memory/1008-1003-0x0000000004200000-0x0000000004600000-memory.dmp

memory/1008-1004-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/1008-1007-0x0000000075030000-0x0000000075245000-memory.dmp

memory/7996-1024-0x0000000002D10000-0x0000000003110000-memory.dmp

memory/7996-1025-0x00007FF902D70000-0x00007FF902F65000-memory.dmp

memory/7996-1028-0x0000000075030000-0x0000000075245000-memory.dmp