Malware Analysis Report

2024-11-30 13:37

Sample ID 240603-2grxfscd34
Target Loader.exe
SHA256 7a217c82459cd9a3d6e190410f511e1c534a6fd19d32f3c5f47baf6c02d807dc
Tags pyinstaller
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 7a217c82459cd9a3d6e190410f511e1c534a6fd19d32f3c5f47baf6c02d807dc

Threat Level: Shows suspicious behavior

The file Loader.exe was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Views/modifies file attributes

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 22:33

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 22:33

Reported

2024-06-03 22:37

Platform

win7-20240221-en

Max time kernel

122s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI26962\faker\providers\job\es_MX\__init__.py

C:\Users\Admin\AppData\Local\Temp\_MEI26962\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI26962\python311.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 22:33

Reported

2024-06-03 22:37

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1080 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Users\Admin\AppData\Local\Temp\Loader.exe
PID 4764 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 3892 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe
PID 4764 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe C:\Windows\system32\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c title MCC Loader 1.0.4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c title MCC Loader 1.0.4

C:\Windows\SYSTEM32\attrib.exe

attrib +H TOSVDOIAHWOIHSAKLFHWA.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

(the two entries above repeat 44 times in a row in the original process list; the identical repeats are collapsed here)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/fzkswm766mu35dz/Katana_SS_Tool.zip/file

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb441746f8,0x7ffb44174708,0x7ffb44174718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10760 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1001097616551761757,1346007645771966854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 g.bing.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
GB 18.154.84.124:443 cdn.amplitude.com tcp
GB 142.250.187.238:443 translate.google.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 124.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 api.amplitude.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 44.224.167.155:443 api.amplitude.com tcp
GB 142.250.179.234:443 translate.googleapis.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 otnolatrnup.com udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
BE 74.125.71.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 152.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 155.167.224.44.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 216.239.32.181:443 analytics.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
IE 52.48.217.227:443 ad.crwdcntrl.net tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 15.45.49.52.in-addr.arpa udp
US 8.8.8.8:53 227.217.48.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 ad16b4654df7b4c630f515944809393b.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 ad16b4654df7b4c630f515944809393b.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
IE 54.155.222.129:443 ap.lijit.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
GB 18.245.254.89:443 cdn.prod.uidapi.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 108.138.217.110:443 hb.yellowblue.io tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 oajs.openx.net udp
DE 51.38.120.206:443 onetag-sys.com udp
US 34.120.135.53:443 oajs.openx.net tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 id5-sync.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
DE 162.19.138.120:443 id5-sync.com tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 resources.infolinks.com udp
US 172.66.41.9:443 resources.infolinks.com tcp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 129.222.155.54.in-addr.arpa udp
US 8.8.8.8:53 89.254.245.18.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 209.31.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 9.41.66.172.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 router.infolinks.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.206:443 gem.gbc.criteo.com tcp
NL 185.235.87.229:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 206.86.235.185.in-addr.arpa udp
US 216.239.32.181:443 analytics.google.com udp
US 8.8.8.8:53 download1323.mediafire.com udp
US 205.196.123.11:443 download1323.mediafire.com tcp
US 205.196.123.11:443 download1323.mediafire.com tcp
US 205.196.123.11:443 download1323.mediafire.com tcp
US 8.8.8.8:53 11.123.196.205.in-addr.arpa udp
US 104.16.53.110:80 otnolatrnup.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.8:443 woreppercomming.com tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 www.ovardu.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 104.21.96.72:443 www.ovardu.com tcp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 172.64.149.180:443 js-sec.indexww.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
GB 142.250.179.234:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 108.128.26.74:443 ce.lijit.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 8.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 72.96.21.104.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 www.opera.com udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 static.smilewanted.com udp
DE 35.158.68.76:443 www.opera.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 89.149.192.245:443 ssbsync-global.smartadserver.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
DE 52.29.4.131:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 172.67.40.173:443 spl.zeotap.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
GB 142.250.187.226:443 cm.g.doubleclick.net tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 131.4.29.52.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 245.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 76.68.158.35.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 74.26.128.108.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
NL 81.17.55.172:443 sync.smartadserver.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 u.openx.net udp
IE 34.253.100.199:443 ice.360yield.com tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ow.pubmatic.com udp
GB 185.64.190.84:443 ow.pubmatic.com tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
DK 37.157.6.233:443 cm.adform.net tcp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 199.100.253.34.in-addr.arpa udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 s.ad.smaato.net udp
GB 108.156.39.10:443 s.ad.smaato.net tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 145.40.97.67:443 sync.a-mo.net tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 8.8.8.8:53 233.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 10.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
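
The table above is the sandbox's whole-VM capture, not a per-process one: most rows belong to the Edge instance launched during detonation (Bing search and telemetry, ad-tech bidders and ID-sync services) and to the sandbox's own reverse (PTR) lookups, and only a handful plausibly belong to Loader.exe, such as the raw.githubusercontent.com and mediafire.com fetches that the "Legitimate hosting services abused for malware hosting/C2" signature refers to. The Python script below is an added triage example, not part of the report: it parses rows in this table's format, drops PTR lookups, resolver and multicast chatter and a baseline of browser/ad infrastructure, and lists what is left for review, together with names that were resolved but never connected to. The baseline suffix list and the excerpt of rows are constructed here; "left for review" means unexplained by the baseline, not malicious.

```python
"""Triage a sandbox 'Network' table (Country Destination Domain Proto rows):
drop reverse lookups, resolver and multicast chatter and browser/ad-tech
baseline traffic, leaving the destinations that need an analyst's eye."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed excerpt of the rows shown in the report above, including a
# PTR lookup, a multicast (mDNS) row with no domain column and a duplicate.
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
N/A 224.0.0.251:5353 udp
NL 23.63.101.152:80 apps.identrust.com tcp
US 205.196.123.11:443 download1323.mediafire.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.8:443 woreppercomming.com tcp
"""

# Assumption, not from the report: domains a Windows sandbox with Edge open
# contacts regardless of the sample (search/telemetry, ad-tech, OCSP/CRL).
# Extend per environment; anything not matched is reviewed, not condemned.
BASELINE_SUFFIXES = (
    "bing.com", "bing.net", "google.com", "googleapis.com",
    "doubleclick.net", "googlesyndication.com", "ezoic.net", "ezodn.com",
    "identrust.com",
)

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


class Row(NamedTuple):
    country: str
    ip: str
    port: int
    domain: Optional[str]  # None for rows such as mDNS that carry no name
    proto: str


def parse_table(text: str) -> List[Row]:
    """Parse the whitespace-separated table; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country "):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def is_baseline(domain: str) -> bool:
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in BASELINE_SUFFIXES)


def triage(rows: List[Row]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (connections to review, names resolved but never connected).

    PTR lookups are the sandbox's own enrichment and are dropped; other
    resolver rows only record which names the VM asked for."""
    resolved = set()
    connected = defaultdict(set)
    for r in rows:
        if r.port == 53 and r.proto == "udp":
            if r.domain and not r.domain.endswith(".in-addr.arpa"):
                resolved.add(r.domain)
            continue
        if r.domain is None or ipaddress.ip_address(r.ip).is_multicast:
            continue
        if is_baseline(r.domain):
            continue
        connected[r.domain].add(f"{r.ip}:{r.port}/{r.proto}")
    review = {d: sorted(eps) for d, eps in sorted(connected.items())}
    resolved_only = sorted(
        d for d in resolved if d not in connected and not is_baseline(d)
    )
    return review, resolved_only


if __name__ == "__main__":
    review, dns_only = triage(parse_table(SAMPLE_TABLE))
    for domain, endpoints in review.items():
        print(f"{domain:32} {', '.join(endpoints)}")
    print("resolved only:", ", ".join(dns_only) or "-")
```

Run against the full table, the "resolved only" list is worth a second look: a name the VM looked up but never connected to can be a failed or blocked download stage as easily as browser prefetching, and the table alone cannot tell the two apart.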

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10802\faker\providers\job\es_MX\__init__.py

MD5 eeaa6ca5cb7f4bb1d7e75797f9b5af37
SHA1 0ac3743facacbc2090930b41cf38bcfe2951eb37
SHA256 ce99db30f577944104a7365372ea8363cd9d0087a6e9d88f7b835a1926da336c
SHA512 b492e6fa3eb607683a6c6f5696835aeae5e4c12fd2d44346bfd954d25c0bcf5bda808c175b0b17e26a0d5daf4f91d8588de119f5b747a80b3cfe53f68bbecd7c

C:\Users\Admin\AppData\Local\Temp\_MEI10802\ucrtbase.dll

MD5 28146c66076a266e93956111981cad4e
SHA1 44797bab4d3d3a8ccdb9df3a519cd3dbef838c31
SHA256 ed570898508c9d9186052157106b6dd9722bed47a27ecfeb424386c8970d81da
SHA512 078c8d6595b0afcee215a44ef9caa82f990ef2bf5dadb8fd84d83ac89839abeee1f9ce250e80b77cbbdde5d13688ed345da1f4bf22958490e645c074d2453f85

C:\Users\Admin\AppData\Local\Temp\_MEI10802\python311.dll

MD5 5a5dd7cad8028097842b0afef45bfbcf
SHA1 e247a2e460687c607253949c52ae2801ff35dc4a
SHA256 a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
SHA512 e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

C:\Users\Admin\AppData\Local\Temp\_MEI10802\VCRUNTIME140.dll

MD5 4585a96cc4eef6aafd5e27ea09147dc6
SHA1 489cfff1b19abbec98fda26ac8958005e88dd0cb
SHA256 a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
SHA512 d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

C:\Users\Admin\AppData\Local\Temp\_MEI10802\base_library.zip

MD5 2f6d57bccf7f7735acb884a980410f6a
SHA1 93a6926887a08dc09cd92864cd82b2bec7b24ec5
SHA256 1b7d326bad406e96a4c83b5a49714819467e3174ed0a74f81c9ebd96d1dd40b3
SHA512 95bcfc66dbe7b6ad324bd2dc2258a3366a3594bfc50118ab37a2a204906109e42192fb10a91172b340cc28c12640513db268c854947fb9ed8426f214ff8889b4

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_ctypes.pyd

MD5 bd36f7d64660d120c6fb98c8f536d369
SHA1 6829c9ce6091cb2b085eb3d5469337ac4782f927
SHA256 ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902
SHA512 bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

C:\Users\Admin\AppData\Local\Temp\_MEI10802\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 d8ad62c97e8fd8c00959a8812a763f1d
SHA1 a32c26b69d2a7d900a0de544203aa0f0e225a51a
SHA256 52049f5431f10856708fd7c6ed42beadaae65ae3092c0aa56f79704f6d5ef963
SHA512 87ea1a72a271faae38444969d7e9995c3cd926e5d85562eb33c7d8186274b2df663dd5e31af8c6731d678ae463843f8797b8e586830bb45c1b6b7ef7a1de4b4a

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-synch-l1-2-0.dll

MD5 a9e2fc6fadadca47a3d67174d054cf1f
SHA1 2bfd066deb3cc84fd0cc0b6b13c1266c68bb33dc
SHA256 abd80237d43ce594f6ca781571085b25db7325cf7549c8d95302e302408a9954
SHA512 fa7e9d43c0e7f924f219c1b478a280cb53f3625d4479c92dd6ea1e9ca403d30d854068bfb7310b3fd44f1effae91d88087ef61b4649160516e9264b1e92dde76

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-synch-l1-1-0.dll

MD5 f77da542def06fbb430198b37506a09d
SHA1 d5a86f3e051d8f5647861fc6d0b66f9be2a41980
SHA256 0ecddd0a18b9759f79bc014b121f4fb97cc2299b15fb00bb54117d1f5decde74
SHA512 aa88dab30faebfb2de590c2ca5d4e64507bac1e09693aac38249eaba24d8a41e0d510e7a24cf1709e6bfe32cacb9a9ca8b210fed28868e2efc02e37abe570c07

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-string-l1-1-0.dll

MD5 0519e2e84483ce47c37a160eb4d4232b
SHA1 dc986257568e666f2b84a3d1fc137f55c95426ae
SHA256 3a76a88faa313726977c44656c3004664c6dd171ff58cd935e9a5ca282a04cab
SHA512 931a7c98e72e56217b3ca10bb1c8da59f1a2d797bf1623345386023f42772ebb58e87e61eb142aae272641ee4f0976ed7e9e0b6ee4d8ce18fd6c745e848cf988

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 fe4c5f591405fb55676180a29c079f43
SHA1 4ca10f86a7a27b86c74205af7dfb8a4d05789e33
SHA256 78dffd464d72e82674647840c3361d860244d010f0402d87a7998d8afbf8cce0
SHA512 b3bb7911c33dfde7e04335eae357a8c9481eebbf7a74b341e37bfa54be400905ce1ad951cff21896f9460922290201242b071014925a4de0343a940f9c6a71da

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-profile-l1-1-0.dll

MD5 2cf91da8fcbbb1f9edbd457196cd2b6e
SHA1 3b2ad932dc29a4fbbea664bcfd64050d2f2be037
SHA256 8a1e68d655fb05b18cfaf8f4bdcfbfc53cfaa7cd941e5aadbc1769c461dd1fb9
SHA512 63a12b7f220be481dd5240f44b6cf3a8c2d734dd460c2db551ac1a985e95702ca0c0caf99a0f4d767afb730b5105f9f41be03e491090893d5a16fd871364622f

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-processthreads-l1-1-1.dll

MD5 5132f7fe729791081561426904d45e76
SHA1 56fba2baed4123bf4be7be1c5344f95e6bd9db9c
SHA256 a5aa6755860602c58c0edb1353c965e6f0ba58e7276ba6fb5a0b961fb274d125
SHA512 b12e981ddb608049456dbfc0bb77350819f42caf0da457ad778bb9ded3979503ce6713d366547ac3f949ebdc01d0775da1d726fd367b11b8680a472017f59cc6

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-processthreads-l1-1-0.dll

MD5 6442313028b28d89f68b8e637a7c6510
SHA1 9d010e45f4faaa65a155d13211750517391a21a7
SHA256 bf1fb2e33c4fa6dfa0a50e2ccf1a1976a02d636e4e45406d2587c271b333da14
SHA512 7397599d60b7b1999e739454fbc1f23c511a20370a22aeb272f007778b2e67b9bcf05638a72985be7c9d133af1ea8744c14c0c8a55ad1451251ee35947f9da24

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 4887dd9dbaa261a8b8ba0c5bf5da03b8
SHA1 19b72460ba53f5d8d95edb83f28d8df2e714d344
SHA256 a41e6074348ca71f102eb9207ab8844c6c470f1260003dd453907f77d14a668f
SHA512 aec187be29253306cbb0d4b0d535b1f9a967ba5f9e868e38fc23de931bdc363119094999d143cb19b2231ad7e97907d1de92f8300ec80afd038079ce7dac5a36

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 360557f082d00dfa55bed5bdcb7d9593
SHA1 f00534612643f0093a689d64cfc61e084e942e12
SHA256 6e2b713382e574f24b17e8a1c911e8256d50b82dc044ace459b6e0c679a3dc32
SHA512 41bc1078e1fda3527ae0cd48051a0ec91d8efe4de1b6ff0903779d7c7ec47b5327aaefbd8b5e9c7543aa786521406b15dfe1bcc65fde6fb3d4eae51cc06ec889

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-memory-l1-1-0.dll

MD5 87b17a424c4e5eed9d5794ba33317dd8
SHA1 7862d1b492dea9e6fe9c6e1e1706137825853947
SHA256 706bb10d0517bae082df6c955c3915d1104ec128bb62059f70cf9564541cfc01
SHA512 75f6dff05a6e06cd103b3b65a40149dde45abdefca67e352ee1ad4202da28efe9dfc530ed2a51995fd1ce019512339fd908f1762244ad7449a5d571ebee41e72

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-localization-l1-2-0.dll

MD5 ab169047e1a0fcf3c98be20b451cb13e
SHA1 a286836c85ae43ed5c79b9875f97abdadf57b560
SHA256 3cbc6f8cc2a014c9c6e87ca05dd0e9e0884da58afdc53b589b3d7172c4403ed7
SHA512 c8e27ebd9335f7f34919e841f9834fa687f822d4289b47c20283e37f4a499008668bafd12e1f742597a6c8623312fc41881c18a56b9062a2a609dbb55f0cd17c

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 7dc3a99fa667f8a00e9689133e4e38c8
SHA1 c37c13d833d6a11212dfae32fa19277baf5000f1
SHA256 d8ac0559b5cfbb8414b39d509bf96999567166ff63f4994c5af07cafa3ec4b08
SHA512 e772c4ba5181c2f543029aa3929f0b3ffecc2e25e350a900f798ae58543938c61e45a233593caf6c45ecc21877ed79e0ff2bd5cd2f61e7a3cd16d2e4e9520212

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-interlocked-l1-1-0.dll

MD5 6455ba4882ce135f21239aedf014acf5
SHA1 2db779414b30759d8394184e1f7254818df62ed9
SHA256 57dcbe7343ac4427af6a82ef24dd7afac04bce59b82fe05aa506fde656f513bc
SHA512 81764d46251bcd76f8c127af3f00ecf13f673b46624beb3a5eab5cdc6d69a0dabba91327e30e976a3fbb0dc6280b0fb4e8e7f237615b27c484b8ac5fc084d056

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-heap-l1-1-0.dll

MD5 5ce4e2adef8fc502db7155483584338f
SHA1 9d7aabb46f1cb7cffbc04b324bb4a10c17c45e97
SHA256 23e4d57c2a94c8412308218a091cde0f4aaf3af360449e31fe524b153a08082f
SHA512 0b160aa88aad8e06d157cb4468cc1479ed31e01064cb8cd0900d34e3a708dd0d77dd239e357fa7618eb75325502f5f8fcb90fd9fc6ed2a9c1d7557cdf1876353

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-handle-l1-1-0.dll

MD5 32dda59c16c53eda2027347b5e741e9d
SHA1 e9ad7505f468b62144a8a8551c2d6dc9f2f82a5e
SHA256 595ebe2feac7f57035b0ce803412bb4470d0366637a191cf4e48d5f5fd8bbffb
SHA512 d7c06ce6ebf509b90592d6262ad9950cd8916f715add79a384f688869de596c8e0546d1597380eadc954a9e5dd2a9dbb818899372ab51104e865644269cdec95

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-file-l2-1-0.dll

MD5 50d07886dd9136e8da57bfde8fa1f69c
SHA1 17526cd01e870d4087c5aa423e4971c72882e173
SHA256 67fd0522cacfc3f5fb90373dd5fb388b6f63035d9a380cac4a3dd3d7801724ed
SHA512 7d1b12529f35e1bcd7a858fef4001a4a5e0ff15506789fb3ce56b58427d16c32a9c1768b87b2f66a1b37456a05f8e05ae0b0eddfb4335ae0cb8eda00550175c0

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-file-l1-2-0.dll

MD5 8d1531275b769c1bd485440214bfaf82
SHA1 c8bb901b148522595cd78f1e12f61730bfa3d9df
SHA256 0b7a730b6b10c9d2e2fe1b9b4419b1fc60db9074a0c6f830e1b2da4d0f65fe88
SHA512 55914f424c400208b0d2c4d6cafa355aecf4697d3a6bf4032fe298214ed3565013c969b1e23d91cdf995dad46760c80e3a0a3abc062b3084b2bb4bc83a90995f

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-file-l1-1-0.dll

MD5 a5335665d8992582f89958087b60d3a9
SHA1 97fb0a21234fd243d46d21992e6016bf0af2f3d8
SHA256 9f8d03558282ec8afa80282d0736625db4c28ba2e1d358734fd9c4a29fe4ed1e
SHA512 b286004cc38d2873b1579b097785cbce24fc9d69989a0dedf05ca338981c6a13678bd71903a6a99f38013e1cf43729e48a3e50827f2dddce3695b9192264c477

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-fibers-l1-1-0.dll

MD5 f5fca0b8661f1d2a8e72d3dbc95abe77
SHA1 9c45d68e7c64c39bd6296157fc812d765999be36
SHA256 55fb31da2909865d9b3b980afa37bff007fdb624524dcc337594118641953784
SHA512 6599eceaecda56ed2dada54aa01a8dae8a1c4dce09ab3c54d0b77885b9b5cc24f67bda6f5285a52a08b69d9e759a52781a829cf130d9224955397c41acaae468

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 2b408cfb2c072c30f6c9007623932d25
SHA1 2835982048a9bf3528a532ee766651653f36de8f
SHA256 48435a9a3b4206b595741c34be6198a759569917cecd3c526f0d63ec0a55b0de
SHA512 3a9d593652a5e9a92881120448772d847901b4eeba1a2ce0161a66cf82e94c1dc2ce3acc17a95e595942b3e0854ffc466efb15023b37aad0925ebd0e0bd44771

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-debug-l1-1-0.dll

MD5 d646d8ea7d6c3271337a827551618e14
SHA1 63deaa4158f99509d88e39406cce3b9c57947de7
SHA256 41ff412526664f93fc6997dace8ccf56c709b34bf745e97091eb5e1a7c7e491f
SHA512 af9151905265a89164ed20301961c250271f8804ee087b05a575a15d2cc27084a258bb41eab1bc6376d858fe3f1871ddd32f9f79155624fdd89080037f6ac865

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-datetime-l1-1-0.dll

MD5 8dc8a35c4e043348eceda2657c263e5e
SHA1 d7572375b2ade6a4cdd0910f601340a39da6aba4
SHA256 f1ded4bbe9ac8fe71a3e0b1e72aa15d6fa699f986a6183681b36b38990df9037
SHA512 6275043f611001debad6efbe8b402f9d4a7ee405e6e1306b253ab26616a399400d845cf89355756e3d81dac245c367a5df42dc2880a728560f97ae43d1df4926

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-core-console-l1-1-0.dll

MD5 09b2a90adc73421c3b7a70bfeff0baac
SHA1 4c9874195e917efb5077887be2f1677e58410861
SHA256 b2093752af55d7708dd9e0540c66a621c128870dee43efdb2a36d5128db463c0
SHA512 fc4b852127a34678d7dc735bef85494847a16a4a6505b8a12722672faf0169f234652ee24278c51ad681187760e41a27fe46348252cf29fbfd2c9a9e561aaecd

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_hashlib.pyd

MD5 4255c44dc64f11f32c961bf275aab3a2
SHA1 c1631b2821a7e8a1783ecfe9a14db453be54c30a
SHA256 e557873d5ad59fd6bd29d0f801ad0651dbb8d9ac21545defe508089e92a15e29
SHA512 7d3a306755a123b246f31994cd812e7922943cdbbc9db5a6e4d3372ea434a635ffd3945b5d2046de669e7983ef2845bd007a441d09cfe05cf346523c12bdad52

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_uuid.pyd

MD5 46e9d7b5d9668c9db5caa48782ca71ba
SHA1 6bbc83a542053991b57f431dd377940418848131
SHA256 f6063622c0a0a34468679413d1b18d1f3be67e747696ab972361faed4b8d6735
SHA512 c5b171ebdb51b1755281c3180b30e88796db8aa96073489613dab96b6959a205846711187266a0ba30782102ce14fbfa4d9f413a2c018494597600482329ebf7

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_ssl.pyd

MD5 208b0108172e59542260934a2e7cfa85
SHA1 1d7ffb1b1754b97448eb41e686c0c79194d2ab3a
SHA256 5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69
SHA512 41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d

C:\Users\Admin\AppData\Local\Temp\_MEI10802\libcrypto-1_1.dll

MD5 e94733523bcd9a1fb6ac47e10a267287
SHA1 94033b405386d04c75ffe6a424b9814b75c608ac
SHA256 f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44
SHA512 07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_socket.pyd

MD5 1eea9568d6fdef29b9963783827f5867
SHA1 a17760365094966220661ad87e57efe09cd85b84
SHA256 74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117
SHA512 d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_queue.pyd

MD5 f00133f7758627a15f2d98c034cf1657
SHA1 2f5f54eda4634052f5be24c560154af6647eee05
SHA256 35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659
SHA512 1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_lzma.pyd

MD5 e5abc3a72996f8fde0bcf709e6577d9d
SHA1 15770bdcd06e171f0b868c803b8cf33a8581edd3
SHA256 1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb
SHA512 b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_decimal.pyd

MD5 65b4ab77d6c6231c145d3e20e7073f51
SHA1 23d5ce68ed6aa8eaabe3366d2dd04e89d248328e
SHA256 93eb9d1859edca1c29594491863bf3d72af70b9a4240e0d9dd171f668f4f8614
SHA512 28023446e5ac90e9e618673c879ca46f598a62fbb9e69ef925db334ad9cb1544916caf81e2ecdc26b75964dcedba4ad4de1ba2c42fb838d0df504d963fcf17ee

C:\Users\Admin\AppData\Local\Temp\_MEI10802\_bz2.pyd

MD5 3859239ced9a45399b967ebce5a6ba23
SHA1 6f8ff3df90ac833c1eb69208db462cda8ca3f8d6
SHA256 a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a
SHA512 030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

C:\Users\Admin\AppData\Local\Temp\_MEI10802\unicodedata.pyd

MD5 aa13ee6770452af73828b55af5cd1a32
SHA1 c01ece61c7623e36a834d8b3c660e7f28c91177e
SHA256 8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb
SHA512 b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f

C:\Users\Admin\AppData\Local\Temp\_MEI10802\select.pyd

MD5 c97a587e19227d03a85e90a04d7937f6
SHA1 463703cf1cac4e2297b442654fc6169b70cfb9bf
SHA256 c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf
SHA512 97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12

C:\Users\Admin\AppData\Local\Temp\_MEI10802\libssl-1_1.dll

MD5 25bde25d332383d1228b2e66a4cb9f3e
SHA1 cd5b9c3dd6aab470d445e3956708a324e93a9160
SHA256 c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13
SHA512 ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-utility-l1-1-0.dll

MD5 9dc2fccadf649a038ef9f4233c4f2a58
SHA1 1a97d6496240a567190cc816a9e7ff0da1056e4e
SHA256 32d55661717f9f7090c4220fa99d5cf3ed712372591935d12d4584eb44d354dc
SHA512 0829d14165ae112f2394a64f0200fa674e3c8708527ca4ec573982b0d049ac31f9147ce44564b0e12f9d4f704ce637a1990503106270d417f0aafc0c5ff5eb67

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-time-l1-1-0.dll

MD5 731bb5b95efffade22fbe82b790afa73
SHA1 b31d46f7762f9af9b0b5a1b8c3449036a475faa3
SHA256 bbcc243488e48b4b77abdcddfa45264bb1311384284db3f5b432abe8c16a6ced
SHA512 cc77510ba367b1be7189b5362ce49925a749587cd3a81ceae0dd7cd6264fcbab8eb688475a7207e6d37b71d8b87fd0a616314597610d5d3eaa49ae9b4143c1b6

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-string-l1-1-0.dll

MD5 e5341ed2725f0076968f08976d7cc32f
SHA1 88e2bf83e6f282b9d96cae288eb3a61d9a22694e
SHA256 5e8e44dc9d9166dd68ddc71af62714daa4106eac603638f83bfaeb316f8bc711
SHA512 d724add4cfa1189789d06f0cf036351d4d05763716dd6cdfa0a3f952cb1b1436c3cbdab1c8800ba06f98f5bbf0b90a3e0d93de6cac0052e15b86295320ff07e0

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-stdio-l1-1-0.dll

MD5 0c513371fb7e1345f2c7a8c737bdb938
SHA1 30a40972e250080b68614e4fe2a721a3cae177c1
SHA256 bf28630e9a216e6f29ef9df48689d8ed364684638c0aa54f09ab53e9367c4cc0
SHA512 43fc864273d0f29a4c0bf7439022dd776a52b721ad74d1f0ddd1f02e87556eb93821f04d72d353fc40a54ef51b19c8b42c41af17240809deb3c2e72121e6678c

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-runtime-l1-1-0.dll

MD5 b4076e1e955e3b9c33f03edb77b67b04
SHA1 fdc44cee07598ab865f8a7ba1e96ed32b87f6525
SHA256 009a2fbcd43b701177c02c779fa01ce7b7e8e9d8ed5db3e305880e086bbf2aa4
SHA512 85766b23f3e95f010734933eb45c61491b268efb0f13e86ddf9fc361a558588968c7884cda5865b717738044bca4f1f9c9295149f70b58b3809dfcd58ea43907

C:\Users\Admin\AppData\Local\Temp\_MEI10802\api-ms-win-crt-process-l1-1-0.dll
