Malware Analysis Report

2024-10-23 21:31

Sample ID 240806-w33ceswfjl
Target https://papers-please.en.softonic.com/
Tags
revengerat wannacry guest defense_evasion discovery execution impact motw persistence phishing ransomware spyware stealer trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://papers-please.en.softonic.com/ was found to be: Known bad.

Malicious Activity Summary

revengerat wannacry guest defense_evasion discovery execution impact motw persistence phishing ransomware spyware stealer trojan worm

Wannacry

RevengeRAT

Deletes shadow copies

RevengeRat Executable

Downloads MZ/PE file

Executes dropped EXE

Uses the VBS compiler for execution

Reads user/profile data of web browsers

Drops startup file

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

NTFS ADS

Uses Volume Shadow Copy service COM API

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-06 18:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-06 18:27

Reported

2024-08-06 18:31

Platform

win10v2004-20240802-en

Max time kernel

215s

Max time network

216s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://papers-please.en.softonic.com/

Signatures

RevengeRAT

trojan revengerat

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDFFD7.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDFFEE.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Reads user/profile data of web browsers

spyware stealer

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" C:\Users\Admin\Downloads\WannaCry.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A
N/A 0.tcp.ngrok.io N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{9B131A08-B62A-4A1F-AF9D-4D407BC73737} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\svchost\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File created C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 279720.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 606826.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RevengeRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1112 wrote to memory of 4000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 4000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1112 wrote to memory of 2112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://papers-please.en.softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff894246f8,0x7fff89424708,0x7fff89424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9264 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x480 0x50c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9476 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 /prefetch:8

C:\Users\Admin\Downloads\RevengeRAT.exe

"C:\Users\Admin\Downloads\RevengeRAT.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 314731722969012.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!Please Read Me!.txt

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\99wx9r_s.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\o0fbvmfi.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3421.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9F4DC90EA7584EB0B59CA954B7D106A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lhozsadd.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES34CD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc837E7413D9D3494E92B69D6FA33FADC.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bxipftim.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3579.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7C79A7607E83430DAC3FBDC5B3BD90.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\btq1he0w.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES35F6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc825A8C44EAD64DE98470A78CA81C29C3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mmtqqww5.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3692.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc299E980FB7424A74A54BA4E449C394.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ocalscpk.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES371F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFA0ED97565844AA699FF39615C7AD978.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8hlrcfsn.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES37AB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB23C433C95824A129925B49C7A989A67.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1ul71xay.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3857.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc83FC7A7813CE40759BBED1276D237F0.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\peaavrgr.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES38E4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8BD2107050B84EB88C3AD56A9BF1C8B3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tfoh0s-m.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3961.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4A969CE76D94C289F505BDC6FC8972F.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j1ser8vx.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES39FD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F4FC91CBC34758ACED33E931D993A4.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mstdvrpj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3A7A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F769A91B5B426B8B6D1D6C97B99A6.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\btitgjpj.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3AE7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc512EE72E56784136B44A6BC5E9F339CE.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\n9ugbegu.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3B74.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3E12EACE58014624BE4778106E5C4D58.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yqsa3iwg.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3BE1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc700D231E2E8C45F0AEB8EE34239EA843.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tekmkrve.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3C3F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2CC85F3C95E94435BF122C7C4A51A92.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cmf_pyei.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3CDB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc593E300B8584D1B8E779EFE69C44A64.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bdkpfed_.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D49.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4CA34CE0B30E4D45BD87A6A73A787432.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\znkdlorn.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DC6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6334D288CB3742C6BE3399BEF71C524F.TMP"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c6meqp5o.cmdline"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E43.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD1B5378E144C4DFB88B978733DEDE7D0.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\m5opz2x0.cmdline"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ECF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc12B090242B5D4C208D7C1E8139546E14.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rsthz5ua.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F7B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc390B5786A4E446D88FCE87D242D32EBB.TMP"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4wzbeomo.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE57F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD8CD03E815D44724822DB7B4A87C3B3A.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\w9w1cyn7.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE5ED.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF9C75948CE145479D86B1608BB637DB.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ua-pj1l2.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE66A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc17A97232CC3D49F7811C52A371A386.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\o7erc18g.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE6D7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA3B8949CE4F407A9BE42FE8477355.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kg4aoviq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE773.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc69AD56439B15435A87547961AB47335.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3onulwxo.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE81F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA60E525133EF4D339826749271A41FF.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wclilkmq.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE89C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF5AE67AA2AAD4C1593EB877A229242C3.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zcwgnktx.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE919.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc36064302E47541D9B3BB54ECA2227D76.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_ttrw5c2.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE986.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9533D1C19E3A4FAEA5B34292452F39B.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\murp51v0.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEA03.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc316D1C839BC6472FA3CC695E67B995C.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nebrubdu.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEA90.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFAB24E1D0CF40EDBCA1275C8BE9BF7.TMP"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2v6kkw2y.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB1D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc523530784EB4254A21A6C7FB58C5CB0.TMP"

Network

Country Destination Domain Proto
US 8.8.8.8:53 papers-please.en.softonic.com udp
US 151.101.65.91:443 papers-please.en.softonic.com tcp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 softonic.com udp
US 151.101.65.91:443 sc.sftcdn.net tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.clarity.ms udp
FR 3.160.188.50:443 sdk.privacy-center.org tcp
NL 142.250.179.196:443 www.google.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 13.107.21.237:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 50.188.160.3.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 151.101.1.91:443 sc.sftcdn.net udp
US 8.8.8.8:53 syndicatedsearch.goog udp
NL 142.250.179.142:443 syndicatedsearch.goog tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 99.86.72.203:443 www.datadoghq-browser-agent.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 17.97.161.18.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 203.72.86.99.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 52.84.90.40:443 config.aps.amazon-adsystem.com tcp
NL 142.250.179.219:443 storage.googleapis.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 notix.io udp
US 151.101.65.91:443 di-images.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 40.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 219.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.privacy-center.org udp
GB 108.138.233.47:443 api.privacy-center.org tcp
US 8.8.8.8:53 e78d09934c16fb95f85b774dc4f682c7.safeframe.googlesyndication.com udp
NL 142.250.179.142:443 syndicatedsearch.goog udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.193:443 e78d09934c16fb95f85b774dc4f682c7.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 wct.softonic.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 204.246.175.43:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.67.74.173:443 wct.softonic.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
IE 34.246.245.91:443 ap.lijit.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
IE 54.171.44.102:443 ad.360yield.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
DE 162.19.138.120:443 id5-sync.com tcp
DE 162.19.138.120:443 id5-sync.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 34.120.63.153:443 prebid.media.net tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
IE 63.32.135.176:443 id.crwdcntrl.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 ampcid.google.com udp
NL 142.250.179.174:443 ampcid.google.com tcp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 172.67.74.173:443 wct.softonic.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 47.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 43.175.246.204.in-addr.arpa udp
US 8.8.8.8:53 173.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 91.245.246.34.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 102.44.171.54.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 176.135.32.63.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
NL 185.235.87.1:443 ag.gbc.criteo.com tcp
FR 185.235.86.211:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 178.250.1.11:443 dnacdn.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 1.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 211.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.201:443 aax-eu.amazon-adsystem.com tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 129.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 201.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
FR 23.57.6.8:443 contextual.media.net tcp
DE 162.55.236.225:443 sync.richaudience.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
FR 23.57.5.102:443 ads.pubmatic.com tcp
FR 23.57.4.32:443 acdn.adnxs.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 162.55.236.225:443 sync.richaudience.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 54.205.209.85:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 player.aniview.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
GB 2.18.190.83:443 player.aniview.com tcp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.6.57.23.in-addr.arpa udp
US 8.8.8.8:53 102.5.57.23.in-addr.arpa udp
US 8.8.8.8:53 32.4.57.23.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 225.236.55.162.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 85.209.205.54.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
FR 51.178.195.213:443 ssbsync.smartadserver.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.2.108.175:443 bc-sync.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
IE 52.18.22.137:443 match.prod.bidr.io tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 54.243.109.106:443 api-2-0.spot.im tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 52.86.169.207:443 sync.srv.stackadapt.com tcp
IE 52.215.143.104:443 jadserve.postrelease.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 bttrack.com udp
US 172.111.38.111:443 tracker.open-adsyield.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.68:443 bttrack.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 c1.adform.net udp
US 172.240.45.78:443 sync.aniview.com tcp
US 8.8.8.8:53 equativ-match.dotomi.com udp
DK 37.157.5.84:443 c1.adform.net tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 63.215.202.140:443 equativ-match.dotomi.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
FR 54.230.112.35:443 s.ad.smaato.net tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 172.67.40.173:443 spl.zeotap.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
NL 172.217.23.194:443 cm.g.doubleclick.net tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 81.17.55.170:443 ssbsync-global.smartadserver.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 83.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 137.22.18.52.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 106.109.243.54.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 104.143.215.52.in-addr.arpa udp
US 8.8.8.8:53 207.169.86.52.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 111.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 57.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 35.112.230.54.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
NL 172.217.23.194:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
FR 23.65.202.55:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
FR 23.57.5.90:443 eus.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 170.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 55.202.65.23.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 90.5.57.23.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 175.108.2.8.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:443 connect.facebook.net tcp
US 8.8.8.8:53 csm.fr3.eu.criteo.net udp
FR 178.250.7.17:443 csm.fr3.eu.criteo.net tcp
US 8.8.8.8:53 1ea22d09150c15e5eadbc80f2646ee90.safeframe.googlesyndication.com udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 www.facebook.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ce.lijit.com udp
IE 108.128.116.23:443 ce.lijit.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
IE 52.18.22.137:443 match.prod.bidr.io tcp
US 52.86.169.207:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 www.instant-gaming.com udp
US 104.18.4.124:443 www.instant-gaming.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 23.116.128.108.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 124.4.18.104.in-addr.arpa udp
US 8.8.8.8:53 gaming-cdn.com udp
US 104.18.15.72:443 gaming-cdn.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 104.18.15.72:443 gaming-cdn.com tcp
US 104.18.15.72:443 gaming-cdn.com tcp
US 104.18.15.72:443 gaming-cdn.com tcp
US 104.18.15.72:443 gaming-cdn.com tcp
US 104.18.15.72:443 gaming-cdn.com tcp
US 104.18.15.72:443 gaming-cdn.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 3.160.196.92:443 widget.trustpilot.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 player.vimeo.com udp
US 162.159.128.61:443 player.vimeo.com tcp
US 8.8.8.8:53 72.15.18.104.in-addr.arpa udp
US 8.8.8.8:53 92.196.160.3.in-addr.arpa udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 61.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 fresnel.vimeocdn.com udp
US 8.8.8.8:53 f.vimeocdn.com udp
US 8.8.8.8:53 i.vimeocdn.com udp
US 151.101.0.217:443 i.vimeocdn.com tcp
US 34.120.202.204:443 fresnel.vimeocdn.com tcp
FR 199.232.170.109:443 f.vimeocdn.com tcp
FR 199.232.170.109:443 f.vimeocdn.com tcp
FR 199.232.170.109:443 f.vimeocdn.com tcp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 217.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 204.202.120.34.in-addr.arpa udp
US 8.8.8.8:53 109.170.232.199.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 71985a2952be9a687555fb93c0fd8163.safeframe.googlesyndication.com udp
US 8.8.8.8:53 js.adscale.de udp
FR 18.161.111.66:443 js.adscale.de tcp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 66.111.161.18.in-addr.arpa udp
US 8.8.8.8:53 ih.adscale.de udp
DE 3.127.163.222:443 ih.adscale.de tcp
FR 178.250.7.13:443 gum.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
NL 185.235.87.1:443 ag.gbc.criteo.com tcp
FR 185.235.86.211:443 gem.gbc.criteo.com tcp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 222.163.127.3.in-addr.arpa udp
US 35.244.193.51:443 lexicon.33across.com udp
US 104.18.6.198:443 cd.connatix.com tcp
US 8.8.8.8:53 prs.sftcdn.net udp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 178.63.248.57:443 push-sdk.com tcp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 57.248.63.178.in-addr.arpa udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 ins.connatix.com udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.2.108.175:443 bc-sync.com tcp
IE 52.18.22.137:443 match.prod.bidr.io tcp
US 52.86.169.207:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
NL 172.217.23.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 kps2yp94aqw5yi5d2.ay.delivery udp
US 104.21.41.177:443 kps2yp94aqw5yi5d2.ay.delivery tcp
NL 172.217.23.202:443 imasdk.googleapis.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
NL 142.251.39.102:443 s0.2mdn.net tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 177.41.21.104.in-addr.arpa udp
US 8.8.8.8:53 102.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
NL 216.58.208.98:443 pubads.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 142.251.16.120:443 csi.gstatic.com tcp
US 142.251.16.120:443 csi.gstatic.com tcp
NL 216.58.208.98:443 pubads.g.doubleclick.net udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 120.16.251.142.in-addr.arpa udp
US 142.251.16.120:443 csi.gstatic.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 73.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 vod-adaptive-ak.vimeocdn.com udp
GB 2.18.190.78:443 vod-adaptive-ak.vimeocdn.com tcp
GB 2.18.190.78:443 vod-adaptive-ak.vimeocdn.com tcp
US 34.120.202.204:443 fresnel.vimeocdn.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
SE 2.22.31.152:443 www.bing.com tcp
SE 2.22.31.152:443 www.bing.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 152.31.22.2.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
SE 23.3.91.165:443 th.bing.com tcp
SE 23.3.91.165:443 th.bing.com tcp
SE 23.3.91.165:443 th.bing.com tcp
SE 23.3.91.165:443 th.bing.com tcp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 165.91.3.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
SE 40.126.53.17:443 login.microsoftonline.com tcp
SE 40.126.53.17:443 login.microsoftonline.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
FR 5.196.111.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.18.190.145:443 aefd.nelreports.net tcp
US 8.8.8.8:53 145.190.18.2.in-addr.arpa udp
NL 185.89.210.20:443 ib.adnxs.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
DE 46.4.139.58:443 s.richaudience.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
N/A 127.0.0.1:9050 tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:9150 tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 3.22.30.40:19521 0.tcp.ngrok.io tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 0.tcp.ngrok.io udp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.18.190.145:443 aefd.nelreports.net udp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp
US 3.17.7.232:19521 0.tcp.ngrok.io tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_1112_QOYLOZRIGKZRMLUM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6120868b7627eac6efee3b7dd0b900d0
SHA1 b30ca57c2a3ef5d83084daacbbba28165d7f557e
SHA256 6e6c3c3669a61bfffc57e517834d0d586c2e73e0c20aa1b4122a259a1cc6539d
SHA512 fbee98b3d3dd4e6b7f2f2f8f25a776aa3470228678e3812c0e43f185097f3bb73578a2fd9da2d66c3cf2e7ca4209d709dd6e7748f7fb2fac95042f31a0cf34a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 216c26fe5e733d91ebe9aada72893a71
SHA1 4292b20f3ea6c258f7f54405d2a6464aa178cb45
SHA256 9fd219a860676eebb9769a004e17c256d7cf376148bfadcf7f7f6e2f2f3829cd
SHA512 d40976df17f25648549ac9152c45894e7cbb10d29ccf24b732fa3c599c01f0e9b78034b11338269c28816d660a2a23d1d511d44b6a1a06b81de1fe73f5c9cb37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 401c1ae0b6d9dd2e57da1c76afc61d4a
SHA1 72559f3a526f770dae7102b516e6721114f65fc4
SHA256 e135215e8546a2723ef6381fd06a2b35843906fc38d904034f7d84e2116a9fad
SHA512 06b0b354db4d5f03a43115fcc1df88e682113f0f9013df8950961454e2be348d27b75e39fe1cfa910beb165f642df33800a508cd487251b2185bc0bc6f26839e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 6931123c52bee278b00ee54ae99f0ead
SHA1 6907e9544cd8b24f602d0a623cfe32fe9426f81f
SHA256 c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935
SHA512 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a19544dd8e5e4b2_0

MD5 de25a2d4dd88a27cf53c4f5a53a0b735
SHA1 88610a018f79e646bd2ce085f511cad66bc313ad
SHA256 1d7ae59997278e07a270d493bd18e7c7b1b6e704cd44ff2ce015939c63e7e8be
SHA512 c3e2151a1868325731d6944b492bb17fd721eddb55e723f57038e5f1c28811ae7a413a712da9c2a58000387dd432004d85ce9855178667a97399e6db2d7e8af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 0800f316866f3b20e5443bf0b6c133a2
SHA1 0c26d720ec1078b683068d5586b3a204ec118bba
SHA256 8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e
SHA512 84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb8aa1d6e4ecf0e1_0

MD5 b1133f1cf1de13ef688d970721612c14
SHA1 ae41e2e3b46a20c382ad90e2ac53752cb1ed7ef5
SHA256 b039f27ffd9b0d5ab1af1b6e4469e0c7bef0ff55f9bdd007b3a65d26ce7ee314
SHA512 b1ec27b398c85f0f33fb0fc7ca0b08e4a1d539d1eda8d60e5ba3afd25400c868c3febfb7a0a7b909b4199f9c433e03fd8df70f2f374e3f22b9fa682702d1d577

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 7cdacd214f7eaa30897765a989a4d96e
SHA1 aaa6372dc510564392b5c149d0b04edf5deef48f
SHA256 e238fdd1a3724b4cbb5d862fe771264a5352bbaf8aee2c85bfac8242b5940034
SHA512 5bd53f1db2c30781cabeab73672ef6bb61d3d40b8c37bf42414ab7ae001918eb897545cfa88d7fc2e936a2b9f5e5b276613f4b5ffb96d71a7032ba3cbb7bfe8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 1f28801aaa01f8c1cc2f87e66344e8ad
SHA1 366e6a11383b097ddbbd560b967074f1b0dc4f8f
SHA256 0b110f0ac15be93f4bb2272d6c0bf858d4b1fb555663924d19f39a4525b88a52
SHA512 0160a192703bf11d0ef36f1d74cff79890befb6e4dc83ba77335eba8d1167eb395feb671f54a45bf7789eec6544c35e24891b6d9132d88879b01d35d5acba0cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 c175a1acfddf2d267654a2cfc96fc395
SHA1 bcf7d36bc18066ce96332ca69c754f4dd32467f9
SHA256 f55d1cb1115cdc60d92a99b2666254b4fc73ec80ce2de6cc208f6230a3b54288
SHA512 628cac38cf2f49abe25af82f96c980a8e3bea8522b543ffaf78d32c8fca933ad39f21153e2c710dda9a89dc695ec2f801fccb93e56dbd82dd7a9ff77978b93b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 d4f79c8b71f5a580bd6b2cfb715fb8a8
SHA1 1f302524b5bdb5248e4f760eaba906321ac0bc7e
SHA256 8f8aa1da551f73e067ab2f6258842bca9f60874b9d3ca4ce799d96bfac17e60b
SHA512 df8896e8fffe9dcdce4b133850b35ee4d5771bd8bcc2d04d95182026b3e0c1214683f76d42da80e3115096bc9e66d7fb8afa002b21b40c5381d849d40307477f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 4804ed3fd76930d8cfd481e8c692cb56
SHA1 f736a301068c4ffbf70c541a89c53779f771e875
SHA256 311a12f8a9b86f2770786d33ff69fea935958d8b8b5fd6d3ea8d76ac8eb456f3
SHA512 41a770ccbf60f15582ba8e830495f3e2f08ec9bd777dc111a8f03abb0be58deffe2f061ff566d0ad875e30205324e4786ab1732141fcff2a8c8608330da0914f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d2182d73d88fb77fe3d77e786b58ea30
SHA1 52ebd5f3057c275b6a239a8a8aa4c470606f2081
SHA256 0b70542cd4a7285f479aa9e746e993c2ee3f293617cf69db77195ef69106d3aa
SHA512 834c00be8363b0d3c93b7e92f2ed398743c33e3e03febf1bf2337917f042e0bffcc49a37388748890977af841b4b5a573b10a24ffd1f07fa21f8772369a0d585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f663c6935b98ba77712998fdceef73e5
SHA1 7d73b78d7807a217a1cff336f90593a92839d33d
SHA256 2fb3d66b8eaa5eb871e50008faa1f378ac82257bd6bc68605cf8f5bffa471af8
SHA512 706a7416c7d0e8e8c4145fb07b874471ce2e8053a5ac6cc7e605c84310cab141e511ba60456acab644308690d483cc61cc09cf19c2a184c4f355cd3180a95ba8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58117f.TMP

MD5 482e5a89af66814e7b021a091bf289b8
SHA1 2c5fa1754b93559aa9ba3efc540e24b83213ab18
SHA256 65c58a21db894649fdc43e29ac09c01ae36d56c657fe63d813a956bb9b874ecc
SHA512 ac095d1024e17fb6b3fae2ce95d08a5cedfec07a8c0f30b2ddbcd7e18af7cf7be2d04dbe46b1f2fc7f3eae92504fc2b6172915cd26d38c5a4404cfd6a5875848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 010966f1a7a2d91055444a2388217c70
SHA1 2182189e92e5af47929fda40e1f9e4c3ed8a0bea
SHA256 63dc95b8beb2854e2eccb6408b0131a4076a8ac001f6f32c4235ef9d7f5f1542
SHA512 4bb4dd03dc1c9ad3464e5a4dae9f3df3e8d1051f78bf05daf678c62b171cbc8575facfc8ba2f774f5f79edc278077b6b50d2c28cdb1abd40131fafc062fa3d01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 48088bfadab03e26f9c26b67c17c67f9
SHA1 a34e4ad3237bb344327246425f3ca1bcead96ba6
SHA256 fe1c8489eaf41a0afc7282d2592131030dbd82f7c1bce0b245c6f619799b41b7
SHA512 c6d531ae42e980fdd5d6aa42855912925b6ee6ead1f5b2e1e9db1809c3fab6ac117526ba2ff8a16b3d5fab97915f5496e9eaddf98f93d4f6bc7869e718b3c787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 8d35e5a431f4c2dbc25de5c812df8381
SHA1 2904985721547092012996115401e49362898ea7
SHA256 b70ad694d25e7585319a62a094a2e21f5d2195fdcf1b09fabd444a3045499357
SHA512 25155aff6d250435f3def7d8878690d79aea9c5ba98910fb70c7506ec241d860185cd80d564b5060aee4597d8de55306fcfea353da1a348277e043038df826a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 10a8a83c6230c12a4890329a352f3617
SHA1 6e3aa832e17bea6716802ee1ce873271349251a1
SHA256 3876ec1287afebfe3ade64a0fc5d75b99a2273b37c90309cb0b5ef4b056bc1b4
SHA512 49dd17a22eabc653394aa5a6c4eaf28d3d61cec7b7f835555d72a47b75d4983a98b0dcfd15abe426b83c29ccc6df062a46d972a66656872ae43b82286d3f859c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 c7fc68db8eb2e60b41d9eafae56791a4
SHA1 c95e84a84dd4acc219414dd0a6571dbd21cb8ce4
SHA256 130450207e896ed768c4e7ad7f889844fd4cdfa634b981ab837e3626cacc7601
SHA512 fa0478f2894f8e9d691947d890c781a1440f1468b50c2691cedd293e4f6d6cb21dff2a3d5ad42e966bf719a6bcc047bec3427a5af21b2671fc8d59363252c9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 8be102e2c9ff27f0c1ad9d93138522f0
SHA1 2e9233646304b9cb72f73b09d1e89fdef1d7369c
SHA256 dd46a083bd9e98443f97cf9129cf8d4d782deac0c28e1f7b4a65df000f9e164f
SHA512 e3a570317c4c770a9feff907a7386e5db454ca356ef974a8a141241c4bd24a989fdefca76bc01934768e3ab05ccced4da01a34f3c81d1b41c224b200cfd058a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 42e84ebcf5470237abd1f9e322b751fe
SHA1 a828a45804554507d9e8521c36109e8bc3d5eca2
SHA256 a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1
SHA512 36606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 46e6043b3a70e5986f0b72a748d9e3e2
SHA1 5d3ac460401a49fb84286e0f8b9edf6167530fa6
SHA256 171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005
SHA512 c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 ed6f3488a52d280647a945c2246fffed
SHA1 0886f5cc792b3e6871e518d4508cb9ee596291be
SHA256 23c4e914250fa50d586f63ea933645e6d371883236b1ef0584b7716a31eee09a
SHA512 20121497af10f067992a1bfe44e1177656b04b6b2315373d9ae094992c7062d4b579155b4e508b7c466a5d17ea5e16eb63258174fc33a62090c704e28389d041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 66ea1c6bf26309f295083e8ffb5f6d2f
SHA1 e48a9abc7cc21f755acf9150ee6b3e9f741226f4
SHA256 7b6b7a436f160f8ccefbda751fc1e122e9a1c61fb75eec400159c999f3a4e1ff
SHA512 8d8e25f27532e16de0b5e08ddec7bc1b04d6fa3729c4fbc4a3ce23707dd9718b73c37cb3859889c41aed78cbb7c815159b9481ae7d496a4c375e96a1f042d57b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb8aa1d6e4ecf0e1_0

MD5 a22c3a33a76abc6ddc014107f18df6b0
SHA1 689f46f4ab16407129cb5a0e7b2be4ad5ff3d739
SHA256 75045ea030d515749de3896ad951d15631eab7f46cbfc0ee9bfc56b23ea65a62
SHA512 7cd62c754cf7ebc5fc22861b82fecdef673c25cc3cdba33588ef75a0600ea7d4613fe047888199e4d77ae4cab050081c78602d8d962ef4a21cc498db8d9bb10d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e05eba8c1f7ba55c_0

MD5 d3e9142eb08e3c4517c9a85e7b1c278b
SHA1 56cf8f49235b104a3042de5bdc04a97b9d2fd9e8
SHA256 22f3194285e32d617170b356458ccce212dd7c8d3f3f386c6596fb766e77cbba
SHA512 6e6bcc470e5823bfcc170ae72da2b8ef70aa6fd802c4e6224da634b25b690d6080fb1cc0b6cf983a509f036065cec3467341e20a474dfde7e4e412dd29f1f01a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d2d211d3487b95ce1e33a01f8ad7ea7c
SHA1 b62846a2148ead8612b6c1f0e615d0acf5ada526
SHA256 ba7889d89fa7f430d30910548d6e48b15034e43bf9b784afe33fb486f3b442f2
SHA512 d468a94f178f8a4b66bce2fad4e217be6ecb098729c9b0073b381492798b9d510e1991d54ac0d0f965be549b77965b9ec085c93ad02a5cc91ed3e75698cf2f2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98b2f5c77c11a74994ac450055cb8560
SHA1 0a2ec2295b23cba6d25cc6f8f5d7b7b5fab7496c
SHA256 ec09e612516aacb06edb8e6ee09e723febb6770a8494b82af4aa593c34ffd28c
SHA512 9fb4d5f088cb522b03920781ac3f2fd7ba3a9e5c55c08a29b2d789a12ec7e470e2e2f574c3327492a46d0aa2640085b88a6b5669787db89ab5f9a48381431a66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ce571d972523225b673c1db25d2b5aa
SHA1 a85b54bbaff919a6657185ffcc72063355bb6bd0
SHA256 1a93e7ef45e7468f216885ddfee70be4f22c83db00b32277af6ef5ea0e3763fc
SHA512 1c9fb8b133c1981c16a9e1b1d5aa3520238e2f2a45c0470955d0adc6a9c4520fe4a983884908306737f0def8165afcf3bb4de3da39d856b1aabfe65ced8cb8cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be75757afb4b428e70f8550d19f64d80
SHA1 e9a1c55ff9a8cd1907bf6a5696cb0c70fa4f883b
SHA256 3c888fb84b0ef2533ea50bf795a7fe564bb40a1bcf440045356b68f8079c043c
SHA512 b5efa43df9d09925d675ed1c82e085c4b8fb97d3db8b1c9e45b7bf2752f0d937a1d9f49a17e12038cff2dcc65208028aca3b490511d2c6d9b3450546f74746cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 005769e0b36fe19ea9c0fc6fc4e5398f
SHA1 76176e85aed69bd76f01917ce9e592ded338b898
SHA256 5c030c26f46966c2ccd8e4ce2eaf6cf0c680204e8ba8c0cc6ab26b807b42fa81
SHA512 3b8cf8db302494fce4c39ca8c5de702ed69dc3de6ccb511809fb11b9b3bde55d9321ede26ee1d87b7ef34cf9cc609aab24fe0cacf4bb2e10bae3dcc41c41c806

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 572dba2eb1940ad33cfe14996a814cb8
SHA1 b8585a28852c9c18cf794b75f97f37af6c717521
SHA256 19e68bf20797dd1669109c9dbb838b94b29c0ab00a8f85fd0df0cc0e037d7b06
SHA512 ddf9cab3f42e82665a522f8f744b911cfe8012ac795c2b25d88ceeee65a7685df3e393244e73ce0c06816be8bbe9250f2d7523a8beabe6eb8bb5feed4b80c889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f871c315ee672216dbd9bab677ed26eb
SHA1 ccb8aa163191c8d00ca15fe4d1c3c4c516b90b78
SHA256 8779e2f1ebc7de1670b7f3e0c521e0155030d9b6c9212c63542452696ba78271
SHA512 0eb39033d41e38e901737c213ee151bdfbe9280602b34a16e2c116ce73f1d9169a3bcd3dcdb288ffc8c57a26e00705066c1ca54bf17e8889428d1d8d50e680c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8e0cdcecc12c0b16d8e67d36af6141e6
SHA1 d4002efbdeea2cce4e065095f1b81b07f7226cbc
SHA256 cd3d4940d5048d586e229a03c9da7c2a6fad92d852e75c1ef1b5923203e473c6
SHA512 525a67497702cc0c51c21b168ceaad966f2c24966cb5890776f08066a922f4429d75e3cca7c183e8e5ea268f0b9304e0feb498d33966440a9057d43710f7fd73

C:\Users\Admin\Downloads\Unconfirmed 279720.crdownload

MD5 1d9045870dbd31e2e399a4e8ecd9302f
SHA1 7857c1ebfd1b37756d106027ed03121d8e7887cf
SHA256 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA512 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ba1faf0a71bb32955fe4152bcce6d06
SHA1 3f702081eb5a3a9014a33168fe680a2fcdf2fce5
SHA256 56763d8334640adf7a6f79c26ce7b2f9271424c0df067f981531d5bda36c56c6
SHA512 c6062ebf7b7868fcfdb519a0b249fd35d6535585e5d8cf2d4522d4b4ce89c688fa962c5025bc9404c91ae90f4b3747663e3363cc439c310aa939dc3cca5c0f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed1b1345935e74c2f5e7bcc153456602
SHA1 3571e30aa3e194d3ea6aefd6dda6281a2adfaa23
SHA256 b72ea23d14c7d387dfa42342d0b773b11d36d7933de3bff4bd35ef4754e53b0c
SHA512 fc6328b99e3585737a74e5ccbc4eaf18f8e98e1c59f29f3930b07ccead794246a04757e993da2428f56645c76ee3a0a89b1e16b91b3c8570547ec3ef96bf064d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 babd5a2eb8cf4d00ead4feabafa91d2f
SHA1 15294e7b7b40bcea0dbaf4c77cdec93f6f37d517
SHA256 8c56af92608687f4601bda23d23262ed68641cb9b0a481722131336ca04c2251
SHA512 189c3a26454e5d7dfc361a8cc23ca635677d8657cdab410414c679aed47bde873c0779ec050037b4adc129c813914a02a1f9fc251017fe4117d6e0793c21feff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f967138de260cba97eb6a87ac20fcdf1
SHA1 c5868da5383ebe0c0e7366d14c81e577783f88f5
SHA256 97652bad1eaa1b8b73d76d5d44f1a3b8cdf7c9aa447c720505d4bf92ac186a82
SHA512 89abafaefa3e0666e236846e144afdd4fe1c8bbdc6b4b0fc42225584d4b60ddcc1fc6fb8f90c9a0d00f94b86763ec7dbabffd77bada2c45cb43957739ea81ca4

C:\Users\Admin\Downloads\Unconfirmed 606826.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4db03bb2a2b08f13003aaabc55c093d4
SHA1 010cecbf85334191270178682f85ffd3e3bea75f
SHA256 06a2c537b043ac26d69f4f1e366ef77187b05ab081c435920801a4999b37b85a
SHA512 c82b43f6fbbfab1883641d595eae937174022655a68c7834a9ccb8003778baafcc194c39fafae91b95b0773872bc25e644ba688d31c107486c44cd3aca2dadaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4126e05440f2d7c2140a673d63448d9b
SHA1 66bac887d4575e5f9bde4776b7ce6ace3b7de878
SHA256 8eeb85f6da9e955e9c674d059ca2da5a373e3e899dbc31036053c3ae7509cc7f
SHA512 f98c8dbab843af4171d7ed808f37ec9a36ff399b1172e33136c118ebf4fd6b2998c30b033d6f9275c06e118727af9bf8f4a1ca536ac8ed8aa0ac31adc1f22278

memory/2720-1495-0x000000001B9D0000-0x000000001BE9E000-memory.dmp

memory/2720-1496-0x000000001BF50000-0x000000001BFF6000-memory.dmp

memory/2720-1497-0x000000001C0F0000-0x000000001C152000-memory.dmp

memory/3428-1499-0x0000000000400000-0x0000000000420000-memory.dmp

memory/6168-1500-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4eb488780a97b62b19f0b4031540bf6c
SHA1 844282be0d74629cd27f8934a19ce3c6d9ed8310
SHA256 53f46697831c0a4ed6bf9e0c0f886f3f34ebbd3a6f4f1d2d5157a38a06baa2c8
SHA512 85998c1f9d2460bbbf6a09e731813df11531f4c5b1738204c82ecadc0b83e8393e11a41d79d9f019f15411e50ac3bd6e2e32e2e8d25d8eae3f79a3a43242b138

memory/5700-1535-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

MD5 d65839197b000441fb7d54ffc45f98cb
SHA1 8f9cbf8e183e8e5b1092fe8ff9919ffc81d2adf1
SHA256 f3fcb6945a8489248aac376e574382c999e98b8b5487a25892bc6afbdcffb4b9
SHA512 4195d2ec7de6b44f967c2eee1f22cab210513e72ab8a4f9a95d0492ca2e877ed0df7123a519581136a8155720021429a4092b6b92cbb6a5ca26b7bc2c029de95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64e5e51f9f6e79eb6cd22ab79d4037c9
SHA1 58b2fb7df3b951977737e985b31ac8a36a5f3b9c
SHA256 3da14250757821051ab4418e5043ea225f4fcb99f44ded5595c533e8232dcf25
SHA512 3b18c59e85f7f17c7820128476f15d30f9db0faa0e807eb1b8b9d2d0a043df7b5809a494265aa65f85192e097a097169199db4d4803b9bf376c7cecd9f18b70d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c9cd4d21bf96bfa2a80bd4ac5e40643
SHA1 3ad7030b06c6d3875283038e19e10a35946198d7
SHA256 aa23d9fc6f876161c177ef702695ed3e128ebdde9d8169fb74f5be4b33fbed1d
SHA512 a3d5ef7482ce902e1d8c7218c23d22871967ca5cbf1d8e4b300eab622f449a12e6c41d19a5074a34200fac51f0d6f71fdd6d8893802d8cb4e787be2dd31336c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfe7a8d97722554b2508cf9a032ec945
SHA1 5d0443e1e14f2748ac8a0546474f429cf23424f3
SHA256 0aa2593a50ea5a2b6725a406037806cf3b2344a7970859e8bac3cae65cfb1a78
SHA512 dc8673de0c43b4d0b235f0ac15a09aa0efd4f1b4a58c0fc6c5cf829fca306a24ed0cb1ce02dfbfcb9e986d4cb821cb97310ab3e9820fbc382dfdca439ddbebd3

C:\ProgramData\svchost\vcredist2012_x86_1_vcRuntimeAdditional_x86.ico

MD5 fde1b01ca49aa70922404cdfcf32a643
SHA1 b0a2002c39a37a0ccaf219d42f1075471fd8b481
SHA256 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5
SHA512 b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

memory/988-3300-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3301-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3302-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3312-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3311-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3310-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3309-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3308-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3307-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

memory/988-3306-0x000001FDFEB30000-0x000001FDFEB31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vbcA3B8949CE4F407A9BE42FE8477355.TMP

MD5 3906bddee0286f09007add3cffcaa5d5
SHA1 0e7ec4da19db060ab3c90b19070d39699561aae2
SHA256 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00
SHA512 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0

C:\Users\Admin\AppData\Local\Temp\vbc69AD56439B15435A87547961AB47335.TMP

MD5 85c61c03055878407f9433e0cc278eb7
SHA1 15a60f1519aefb81cb63c5993400dd7d31b1202f
SHA256 f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b
SHA512 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756

C:\Users\Admin\AppData\Local\Temp\vbc36064302E47541D9B3BB54ECA2227D76.TMP

MD5 47df494f2e559672edb5b0c34b15393d
SHA1 2629682a6b60cb29aead2ef985eb808f2a342a1e
SHA256 39ef23fa7819a8c04d23e206bcc619bbbec2ac19fe79545fccc358beba415d04
SHA512 2a348b83eba04f9546c8d5f6e92f9fecb375cec03f52b3be70f1f911c68d651cef691d2e57be03b8401787065ae2096f1d09641ab7d072a5a8fac78817e87cf1

C:\Users\Admin\AppData\Local\Temp\vbc316D1C839BC6472FA3CC695E67B995C.TMP

MD5 dac60af34e6b37e2ce48ac2551aee4e7
SHA1 968c21d77c1f80b3e962d928c35893dbc8f12c09
SHA256 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6
SHA512 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084