Malware Analysis Report

2024-11-13 15:24

Sample ID: 240619-c9fx8awhql
Target: https://file.io/ZoeSsaHh09if
Tags: execution persistence pyinstaller upx
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

Threat Level: Likely malicious

The file https://file.io/ZoeSsaHh09if was found to be: Likely malicious.

Malicious Activity Summary

Tags: execution persistence pyinstaller upx

Enumerates VirtualBox DLL files

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

NTFS ADS

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-19 02:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-19 02:46
Reported: 2024-06-19 02:48
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/ZoeSsaHh09if

Signatures

Enumerates VirtualBox DLL files

Description | Indicator | Process | Target
File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Downloads\blackstar_start.exe | N/A
File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Downloads\blackstar_start.exe | N/A
File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A
File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A

Command and Scripting Interpreter: PowerShell

Tag: execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical rows)

Downloads MZ/PE file

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A (64 identical rows)

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (64 identical rows)

Adds Run key to start application

Tag: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Notorious = "C:\\Users\\Admin\\Notorious\\NotoriousPRIVATE.exe" | C:\Users\Admin\Downloads\blackstar_start.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A (2 identical rows)

Detects Pyinstaller

Tag: pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Kills process with taskkill

Tag: evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 717869.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (4 identical rows)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A (2 identical rows)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (2 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (2 identical rows)
N/A | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A (8 identical rows)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (8 identical rows)
N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A (8 identical rows)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (24 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (42 identical rows)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\blackstar_start.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (64 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (24 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A (40 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Notorious\NotoriousPRIVATE.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3576 wrote to memory of 2076 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3576 wrote to memory of 2848 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 3576 wrote to memory of 536 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3576 wrote to memory of 4828 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (12 identical rows)
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3576 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/ZoeSsaHh09if

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1c0c46f8,0x7ffd1c0c4708,0x7ffd1c0c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6496 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x244 0x308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8

C:\Users\Admin\Downloads\blackstar_start.exe

"C:\Users\Admin\Downloads\blackstar_start.exe"

C:\Users\Admin\Downloads\blackstar_start.exe

"C:\Users\Admin\Downloads\blackstar_start.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Notorious\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Notorious\activate.bat

C:\Users\Admin\Notorious\NotoriousPRIVATE.exe

"NotoriousPRIVATE.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "blackstar_start.exe"

C:\Users\Admin\Notorious\NotoriousPRIVATE.exe

"NotoriousPRIVATE.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Notorious\""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6827128435960508890,9412742268728419223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
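The part of this process list that matters starts at blackstar_start.exe: cmd /c ver, a PowerShell Add-MpPreference call that excludes C:\Users\Admin\Notorious\ from Defender scanning, cmd running activate.bat out of that directory, NotoriousPRIVATE.exe launched from the same directory, and finally taskkill /f against the dropper. Everything else in the list (msedge.exe renderer and utility children, identity_helper.exe, CompPkgSrv.exe, AUDIODG.EXE, the shell32 rundll32 COM server) is what Edge spawns when it opens a URL and downloads a file. The Python below is an added example and is not part of the sandbox report or of the sample: it takes those seven command lines exactly as they appear above (copied into the script as constructed input) and applies the checks a responder would run over process-creation telemetry such as Sysmon Event ID 1 or 4688 with command-line logging. The rule names, regular expressions and the finding format are this example's own, and the exclusion regex assumes a single quoted or unquoted -ExclusionPath/-ExclusionProcess/-ExclusionExtension argument per command.

```python
import re
from typing import List, Tuple

# (rule name, image path of the process, detail)
Finding = Tuple[str, str, str]

# Constructed input: the post-download chain from the Processes section of
# this report, as (image path, command line). The browser children are left
# out because none of the checks below apply to them.
REPORT_PROCESSES: List[Tuple[str, str]] = [
    (r"C:\Users\Admin\Downloads\blackstar_start.exe",
     r'"C:\Users\Admin\Downloads\blackstar_start.exe"'),
    (r"C:\Windows\system32\cmd.exe", r'C:\Windows\system32\cmd.exe /c "ver"'),
    (r"C:\Windows\system32\taskmgr.exe", r'"C:\Windows\system32\taskmgr.exe" /4'),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Notorious\""'),
    (r"C:\Windows\system32\cmd.exe",
     r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\Notorious\activate.bat"),
    (r"C:\Users\Admin\Notorious\NotoriousPRIVATE.exe", r'"NotoriousPRIVATE.exe"'),
    (r"C:\Windows\system32\taskkill.exe", r'taskkill /f /im "blackstar_start.exe"'),
]

# Defender exclusion added via the Defender PowerShell module. The lazy
# [^"]+? group stops at the closing quote, so escaped quotes (\") inside a
# -Command string, as in the report, are handled; a trailing backslash on the
# path is stripped later. Set-MpPreference is accepted too (assumption: it
# takes the same -Exclusion* parameters, which it does).
EXCLUSION_RE = re.compile(
    r'(?:Add|Set)-MpPreference\s.*?-Exclusion(?:Path|Process|Extension)\s+\\?"?([^"]+?)\\?(?:"|$)',
    re.IGNORECASE)
# Generalisation beyond the report: Set-MpPreference -Disable* switches off
# Defender features outright and deserves the same attention.
DISABLE_RE = re.compile(r'Set-MpPreference\s.*?-Disable\w+', re.IGNORECASE)
# taskkill /im <image>, with any switches (e.g. /f) before /im.
TASKKILL_RE = re.compile(r'taskkill\s+(?:/\w+\s+)*?/im\s+"?([^"\s]+)"?', re.IGNORECASE)
# cmd /c <batch file> where the batch file lives under a user profile.
USER_BAT_RE = re.compile(
    r'\bcmd(?:\.exe)?\s+/c\s+"?([a-z]:\\users\\[^"\s]+\.(?:bat|cmd))', re.IGNORECASE)
# Executable image located anywhere under C:\Users (Downloads, AppData, or an
# ad-hoc directory such as C:\Users\Admin\Notorious in this report).
USER_DIR_RE = re.compile(r'^[a-z]:\\users\\', re.IGNORECASE)


def triage(processes: List[Tuple[str, str]]) -> List[Finding]:
    """Walk the process records in launch order and return the findings.

    State is carried across records so that later events can be correlated
    with earlier ones: a binary running from a directory that an earlier
    PowerShell call excluded from Defender, or taskkill aimed at an image
    that appeared earlier in the same chain (the dropper removing itself).
    """
    findings: List[Finding] = []
    seen_images: List[str] = []   # lower-cased image file names launched so far
    excluded: List[str] = []      # normalised Defender exclusion prefixes, e.g. c:\users\admin\notorious\
    for image, cmdline in processes:
        name = image.rsplit("\\", 1)[-1]
        low_image, low_cmd = image.lower(), cmdline.lower()

        if USER_DIR_RE.match(image):
            findings.append(("exe_from_user_profile", image, name))

        for prefix in excluded:
            if low_image.startswith(prefix) or prefix in low_cmd:
                findings.append(("uses_defender_excluded_path", image, prefix))

        m = EXCLUSION_RE.search(cmdline)
        if m:
            prefix = m.group(1).rstrip("\\").lower() + "\\"
            excluded.append(prefix)
            findings.append(("defender_exclusion_added", image, prefix))

        if DISABLE_RE.search(cmdline):
            findings.append(("defender_feature_disabled", image, cmdline))

        m = USER_BAT_RE.search(cmdline)
        if m:
            findings.append(("batch_from_user_profile", image, m.group(1)))

        m = TASKKILL_RE.search(cmdline)
        if m:
            target = m.group(1).lower()
            rule = "taskkill_of_chain_member" if target in seen_images else "taskkill"
            findings.append((rule, image, target))

        seen_images.append(name.lower())
    return findings


if __name__ == "__main__":
    for rule, image, detail in triage(REPORT_PROCESSES):
        print(f"{rule:30} {image}  ->  {detail}")
```

Run against the report's seven records this yields seven findings, and the two that carry the most weight are the correlated ones: NotoriousPRIVATE.exe (and the activate.bat that precedes it) running out of a path that the sample itself excluded from Defender one process earlier, and taskkill /f /im "blackstar_start.exe" killing the dropper that started the chain. On a live host the equivalent check is Get-MpPreference, whose ExclusionPath property will still list C:\Users\Admin\Notorious\ after the sample has exited; that persisting exclusion, together with the Run key the report flags, is what to remove during cleanup. The same noise caveat applies to the Network table that follows: the bing, doubleclick, amazon-adsystem, exelator and similar rows, and the in-addr.arpa lookups, come from the browser and the sandbox's reverse-DNS resolution, while the host that actually served the download is file.io / www.file.io.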

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp

Files


memory/6976-1760-0x00007FFD06DA0000-0x00007FFD06DB3000-memory.dmp

memory/6976-1758-0x00007FFD06DC0000-0x00007FFD06DDC000-memory.dmp

memory/6976-1757-0x00007FFD06A20000-0x00007FFD06A2B000-memory.dmp

memory/6976-1756-0x00007FFD06A30000-0x00007FFD06A3C000-memory.dmp

memory/6976-1755-0x00007FFD06A40000-0x00007FFD06A4B000-memory.dmp

memory/6976-1754-0x00007FFD06A50000-0x00007FFD06A5B000-memory.dmp

memory/6976-1753-0x00007FFD06A60000-0x00007FFD06A7C000-memory.dmp

memory/6976-1778-0x00007FFD06830000-0x00007FFD068EC000-memory.dmp

memory/6976-1777-0x00007FFD06C60000-0x00007FFD06C89000-memory.dmp

memory/6976-1779-0x00007FFD06C30000-0x00007FFD06C5E000-memory.dmp

memory/6976-1780-0x00007FFD06800000-0x00007FFD0682B000-memory.dmp

memory/6976-1785-0x00007FFD065A0000-0x00007FFD067F4000-memory.dmp

memory/6976-1784-0x00007FFD06A80000-0x00007FFD06BF1000-memory.dmp

memory/6976-1783-0x00007FFD06C00000-0x00007FFD06C1F000-memory.dmp

memory/6976-1795-0x00007FFD06540000-0x00007FFD06595000-memory.dmp

memory/6976-1796-0x00007FFD05E80000-0x00007FFD0615F000-memory.dmp

memory/6976-1797-0x00007FFD01960000-0x00007FFD03A53000-memory.dmp

memory/6976-1798-0x00007FFD06520000-0x00007FFD06537000-memory.dmp

memory/6404-1849-0x0000021426C30000-0x0000021426C31000-memory.dmp

memory/6404-1850-0x0000021426C30000-0x0000021426C31000-memory.dmp

memory/6404-1851-0x0000021426C30000-0x0000021426C31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tciftwhk.rm1.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
