Analysis Overview
Threat Level: Known bad
The file https://papers-please.en.softonic.com/ was found to be: Known bad.
Malicious Activity Summary
Wannacry
RevengeRAT
Deletes shadow copies
RevengeRat Executable
Downloads MZ/PE file
Executes dropped EXE
Uses the VBS compiler for execution
Reads user/profile data of web browsers
Drops startup file
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Enumerates system info in registry
NTFS ADS
Uses Volume Shadow Copy service COM API
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-06 18:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-06 18:27
Reported: 2024-08-06 18:31
Platform: win10v2004-20240802-en
Max time kernel: 215s
Max time network: 216s
Command Line
Signatures
RevengeRAT
Wannacry
Deletes shadow copies
RevengeRat Executable
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDFFD7.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDFFEE.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2720 set thread context of 3428 | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 3428 set thread context of 6168 | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 4452 set thread context of 656 | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| PID 656 set thread context of 4900 | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{9B131A08-B62A-4A1F-AF9D-4D407BC73737} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 279720.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 606826.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://papers-please.en.softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff894246f8,0x7fff89424708,0x7fff89424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1002099807931776066,6610188275414997995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 314731722969012.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!Please Read Me!.txt
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\99wx9r_s.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\o0fbvmfi.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3421.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9F4DC90EA7584EB0B59CA954B7D106A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lhozsadd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES34CD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc837E7413D9D3494E92B69D6FA33FADC.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bxipftim.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3579.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7C79A7607E83430DAC3FBDC5B3BD90.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\btq1he0w.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES35F6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc825A8C44EAD64DE98470A78CA81C29C3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mmtqqww5.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3692.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc299E980FB7424A74A54BA4E449C394.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ocalscpk.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES371F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFA0ED97565844AA699FF39615C7AD978.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8hlrcfsn.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES37AB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB23C433C95824A129925B49C7A989A67.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1ul71xay.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3857.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc83FC7A7813CE40759BBED1276D237F0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\peaavrgr.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES38E4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8BD2107050B84EB88C3AD56A9BF1C8B3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tfoh0s-m.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3961.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4A969CE76D94C289F505BDC6FC8972F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j1ser8vx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES39FD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F4FC91CBC34758ACED33E931D993A4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mstdvrpj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3A7A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F769A91B5B426B8B6D1D6C97B99A6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\btitgjpj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3AE7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc512EE72E56784136B44A6BC5E9F339CE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\n9ugbegu.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3B74.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3E12EACE58014624BE4778106E5C4D58.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yqsa3iwg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3BE1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc700D231E2E8C45F0AEB8EE34239EA843.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tekmkrve.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3C3F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2CC85F3C95E94435BF122C7C4A51A92.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cmf_pyei.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3CDB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc593E300B8584D1B8E779EFE69C44A64.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bdkpfed_.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D49.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4CA34CE0B30E4D45BD87A6A73A787432.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\znkdlorn.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DC6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6334D288CB3742C6BE3399BEF71C524F.TMP"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c6meqp5o.cmdline"
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E43.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD1B5378E144C4DFB88B978733DEDE7D0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\m5opz2x0.cmdline"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ECF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc12B090242B5D4C208D7C1E8139546E14.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rsthz5ua.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F7B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc390B5786A4E446D88FCE87D242D32EBB.TMP"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4wzbeomo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE57F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD8CD03E815D44724822DB7B4A87C3B3A.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\w9w1cyn7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE5ED.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF9C75948CE145479D86B1608BB637DB.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ua-pj1l2.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE66A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc17A97232CC3D49F7811C52A371A386.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\o7erc18g.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE6D7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA3B8949CE4F407A9BE42FE8477355.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kg4aoviq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE773.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc69AD56439B15435A87547961AB47335.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3onulwxo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE81F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA60E525133EF4D339826749271A41FF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wclilkmq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE89C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF5AE67AA2AAD4C1593EB877A229242C3.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zcwgnktx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE919.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc36064302E47541D9B3BB54ECA2227D76.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\_ttrw5c2.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE986.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9533D1C19E3A4FAEA5B34292452F39B.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\murp51v0.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEA03.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc316D1C839BC6472FA3CC695E67B995C.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nebrubdu.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEA90.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFAB24E1D0CF40EDBCA1275C8BE9BF7.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2v6kkw2y.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB1D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc523530784EB4254A21A6C7FB58C5CB0.TMP"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.143.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.169.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.112.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| NL | 172.217.23.194:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| FR | 23.65.202.55:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| FR | 23.57.5.90:443 | eus.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | 170.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.202.65.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.5.57.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.108.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.27.27:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | csm.fr3.eu.criteo.net | udp |
| FR | 178.250.7.17:443 | csm.fr3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 1ea22d09150c15e5eadbc80f2646ee90.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 108.128.116.23:443 | ce.lijit.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| IE | 52.18.22.137:443 | match.prod.bidr.io | tcp |
| US | 52.86.169.207:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | www.instant-gaming.com | udp |
| US | 104.18.4.124:443 | www.instant-gaming.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 23.116.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gaming-cdn.com | udp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 104.18.15.72:443 | gaming-cdn.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 3.160.196.92:443 | widget.trustpilot.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | player.vimeo.com | udp |
| US | 162.159.128.61:443 | player.vimeo.com | tcp |
| US | 8.8.8.8:53 | 72.15.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.196.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fresnel.vimeocdn.com | udp |
| US | 8.8.8.8:53 | f.vimeocdn.com | udp |
| US | 8.8.8.8:53 | i.vimeocdn.com | udp |
| US | 151.101.0.217:443 | i.vimeocdn.com | tcp |
| US | 34.120.202.204:443 | fresnel.vimeocdn.com | tcp |
| FR | 199.232.170.109:443 | f.vimeocdn.com | tcp |
| FR | 199.232.170.109:443 | f.vimeocdn.com | tcp |
| FR | 199.232.170.109:443 | f.vimeocdn.com | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 217.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.202.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.170.232.199.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 71985a2952be9a687555fb93c0fd8163.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| FR | 18.161.111.66:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.111.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 3.127.163.222:443 | ih.adscale.de | tcp |
| FR | 178.250.7.13:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.1:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.211:443 | gem.gbc.criteo.com | tcp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 222.163.127.3.in-addr.arpa | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 104.18.6.198:443 | cd.connatix.com | tcp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 178.63.248.57:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 198.6.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | 68.33.90.157.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| IE | 52.18.22.137:443 | match.prod.bidr.io | tcp |
| US | 52.86.169.207:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | kps2yp94aqw5yi5d2.ay.delivery | udp |
| US | 104.21.41.177:443 | kps2yp94aqw5yi5d2.ay.delivery | tcp |
| NL | 172.217.23.202:443 | imasdk.googleapis.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| NL | 216.58.208.98:443 | pubads.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| FR | 178.32.197.57:443 | rtb-csync.smartadserver.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 142.251.16.120:443 | csi.gstatic.com | tcp |
| US | 142.251.16.120:443 | csi.gstatic.com | tcp |
| NL | 216.58.208.98:443 | pubads.g.doubleclick.net | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.16.251.142.in-addr.arpa | udp |
| US | 142.251.16.120:443 | csi.gstatic.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| FR | 5.196.111.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 73.111.196.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| FR | 5.196.111.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | vod-adaptive-ak.vimeocdn.com | udp |
| GB | 2.18.190.78:443 | vod-adaptive-ak.vimeocdn.com | tcp |
| GB | 2.18.190.78:443 | vod-adaptive-ak.vimeocdn.com | tcp |
| US | 34.120.202.204:443 | fresnel.vimeocdn.com | udp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | 78.190.18.2.in-addr.arpa | udp |
| SE | 2.22.31.152:443 | www.bing.com | tcp |
| SE | 2.22.31.152:443 | www.bing.com | tcp |
| US | 8.2.108.175:443 | bc-sync.com | tcp |
| US | 8.8.8.8:53 | 152.31.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| SE | 23.3.91.165:443 | th.bing.com | tcp |
| SE | 23.3.91.165:443 | th.bing.com | tcp |
| SE | 23.3.91.165:443 | th.bing.com | tcp |
| SE | 23.3.91.165:443 | th.bing.com | tcp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 165.91.3.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| SE | 40.126.53.17:443 | login.microsoftonline.com | tcp |
| SE | 40.126.53.17:443 | login.microsoftonline.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 17.53.126.40.in-addr.arpa | udp |
| FR | 5.196.111.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.18.190.145:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 145.190.18.2.in-addr.arpa | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| DE | 46.4.139.58:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 3.22.30.40:19521 | 0.tcp.ngrok.io | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.18.190.145:443 | aefd.nelreports.net | udp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.17.7.232:19521 | 0.tcp.ngrok.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_1112_QOYLOZRIGKZRMLUM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6120868b7627eac6efee3b7dd0b900d0 |
| SHA1 | b30ca57c2a3ef5d83084daacbbba28165d7f557e |
| SHA256 | 6e6c3c3669a61bfffc57e517834d0d586c2e73e0c20aa1b4122a259a1cc6539d |
| SHA512 | fbee98b3d3dd4e6b7f2f2f8f25a776aa3470228678e3812c0e43f185097f3bb73578a2fd9da2d66c3cf2e7ca4209d709dd6e7748f7fb2fac95042f31a0cf34a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 216c26fe5e733d91ebe9aada72893a71 |
| SHA1 | 4292b20f3ea6c258f7f54405d2a6464aa178cb45 |
| SHA256 | 9fd219a860676eebb9769a004e17c256d7cf376148bfadcf7f7f6e2f2f3829cd |
| SHA512 | d40976df17f25648549ac9152c45894e7cbb10d29ccf24b732fa3c599c01f0e9b78034b11338269c28816d660a2a23d1d511d44b6a1a06b81de1fe73f5c9cb37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 401c1ae0b6d9dd2e57da1c76afc61d4a |
| SHA1 | 72559f3a526f770dae7102b516e6721114f65fc4 |
| SHA256 | e135215e8546a2723ef6381fd06a2b35843906fc38d904034f7d84e2116a9fad |
| SHA512 | 06b0b354db4d5f03a43115fcc1df88e682113f0f9013df8950961454e2be348d27b75e39fe1cfa910beb165f642df33800a508cd487251b2185bc0bc6f26839e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 6931123c52bee278b00ee54ae99f0ead |
| SHA1 | 6907e9544cd8b24f602d0a623cfe32fe9426f81f |
| SHA256 | c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935 |
| SHA512 | 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a19544dd8e5e4b2_0
| MD5 | de25a2d4dd88a27cf53c4f5a53a0b735 |
| SHA1 | 88610a018f79e646bd2ce085f511cad66bc313ad |
| SHA256 | 1d7ae59997278e07a270d493bd18e7c7b1b6e704cd44ff2ce015939c63e7e8be |
| SHA512 | c3e2151a1868325731d6944b492bb17fd721eddb55e723f57038e5f1c28811ae7a413a712da9c2a58000387dd432004d85ce9855178667a97399e6db2d7e8af3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 0800f316866f3b20e5443bf0b6c133a2 |
| SHA1 | 0c26d720ec1078b683068d5586b3a204ec118bba |
| SHA256 | 8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e |
| SHA512 | 84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb8aa1d6e4ecf0e1_0
| MD5 | b1133f1cf1de13ef688d970721612c14 |
| SHA1 | ae41e2e3b46a20c382ad90e2ac53752cb1ed7ef5 |
| SHA256 | b039f27ffd9b0d5ab1af1b6e4469e0c7bef0ff55f9bdd007b3a65d26ce7ee314 |
| SHA512 | b1ec27b398c85f0f33fb0fc7ca0b08e4a1d539d1eda8d60e5ba3afd25400c868c3febfb7a0a7b909b4199f9c433e03fd8df70f2f374e3f22b9fa682702d1d577 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 7cdacd214f7eaa30897765a989a4d96e |
| SHA1 | aaa6372dc510564392b5c149d0b04edf5deef48f |
| SHA256 | e238fdd1a3724b4cbb5d862fe771264a5352bbaf8aee2c85bfac8242b5940034 |
| SHA512 | 5bd53f1db2c30781cabeab73672ef6bb61d3d40b8c37bf42414ab7ae001918eb897545cfa88d7fc2e936a2b9f5e5b276613f4b5ffb96d71a7032ba3cbb7bfe8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 67e30bbc30fa4e58ef6c33781b4e835c |
| SHA1 | 18125beb2b3f1a747f39ed999ff0edd5a52980ee |
| SHA256 | 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba |
| SHA512 | 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 1f28801aaa01f8c1cc2f87e66344e8ad |
| SHA1 | 366e6a11383b097ddbbd560b967074f1b0dc4f8f |
| SHA256 | 0b110f0ac15be93f4bb2272d6c0bf858d4b1fb555663924d19f39a4525b88a52 |
| SHA512 | 0160a192703bf11d0ef36f1d74cff79890befb6e4dc83ba77335eba8d1167eb395feb671f54a45bf7789eec6544c35e24891b6d9132d88879b01d35d5acba0cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | c175a1acfddf2d267654a2cfc96fc395 |
| SHA1 | bcf7d36bc18066ce96332ca69c754f4dd32467f9 |
| SHA256 | f55d1cb1115cdc60d92a99b2666254b4fc73ec80ce2de6cc208f6230a3b54288 |
| SHA512 | 628cac38cf2f49abe25af82f96c980a8e3bea8522b543ffaf78d32c8fca933ad39f21153e2c710dda9a89dc695ec2f801fccb93e56dbd82dd7a9ff77978b93b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | d4f79c8b71f5a580bd6b2cfb715fb8a8 |
| SHA1 | 1f302524b5bdb5248e4f760eaba906321ac0bc7e |
| SHA256 | 8f8aa1da551f73e067ab2f6258842bca9f60874b9d3ca4ce799d96bfac17e60b |
| SHA512 | df8896e8fffe9dcdce4b133850b35ee4d5771bd8bcc2d04d95182026b3e0c1214683f76d42da80e3115096bc9e66d7fb8afa002b21b40c5381d849d40307477f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 4804ed3fd76930d8cfd481e8c692cb56 |
| SHA1 | f736a301068c4ffbf70c541a89c53779f771e875 |
| SHA256 | 311a12f8a9b86f2770786d33ff69fea935958d8b8b5fd6d3ea8d76ac8eb456f3 |
| SHA512 | 41a770ccbf60f15582ba8e830495f3e2f08ec9bd777dc111a8f03abb0be58deffe2f061ff566d0ad875e30205324e4786ab1732141fcff2a8c8608330da0914f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 7651b1187bb58ac4c7be625337b35e5b |
| SHA1 | 307d969ef4137a66fe2793737dc1c546587c7f43 |
| SHA256 | 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968 |
| SHA512 | a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d2182d73d88fb77fe3d77e786b58ea30 |
| SHA1 | 52ebd5f3057c275b6a239a8a8aa4c470606f2081 |
| SHA256 | 0b70542cd4a7285f479aa9e746e993c2ee3f293617cf69db77195ef69106d3aa |
| SHA512 | 834c00be8363b0d3c93b7e92f2ed398743c33e3e03febf1bf2337917f042e0bffcc49a37388748890977af841b4b5a573b10a24ffd1f07fa21f8772369a0d585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f663c6935b98ba77712998fdceef73e5 |
| SHA1 | 7d73b78d7807a217a1cff336f90593a92839d33d |
| SHA256 | 2fb3d66b8eaa5eb871e50008faa1f378ac82257bd6bc68605cf8f5bffa471af8 |
| SHA512 | 706a7416c7d0e8e8c4145fb07b874471ce2e8053a5ac6cc7e605c84310cab141e511ba60456acab644308690d483cc61cc09cf19c2a184c4f355cd3180a95ba8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58117f.TMP
| MD5 | 482e5a89af66814e7b021a091bf289b8 |
| SHA1 | 2c5fa1754b93559aa9ba3efc540e24b83213ab18 |
| SHA256 | 65c58a21db894649fdc43e29ac09c01ae36d56c657fe63d813a956bb9b874ecc |
| SHA512 | ac095d1024e17fb6b3fae2ce95d08a5cedfec07a8c0f30b2ddbcd7e18af7cf7be2d04dbe46b1f2fc7f3eae92504fc2b6172915cd26d38c5a4404cfd6a5875848 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 010966f1a7a2d91055444a2388217c70 |
| SHA1 | 2182189e92e5af47929fda40e1f9e4c3ed8a0bea |
| SHA256 | 63dc95b8beb2854e2eccb6408b0131a4076a8ac001f6f32c4235ef9d7f5f1542 |
| SHA512 | 4bb4dd03dc1c9ad3464e5a4dae9f3df3e8d1051f78bf05daf678c62b171cbc8575facfc8ba2f774f5f79edc278077b6b50d2c28cdb1abd40131fafc062fa3d01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 48088bfadab03e26f9c26b67c17c67f9 |
| SHA1 | a34e4ad3237bb344327246425f3ca1bcead96ba6 |
| SHA256 | fe1c8489eaf41a0afc7282d2592131030dbd82f7c1bce0b245c6f619799b41b7 |
| SHA512 | c6d531ae42e980fdd5d6aa42855912925b6ee6ead1f5b2e1e9db1809c3fab6ac117526ba2ff8a16b3d5fab97915f5496e9eaddf98f93d4f6bc7869e718b3c787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 8d35e5a431f4c2dbc25de5c812df8381 |
| SHA1 | 2904985721547092012996115401e49362898ea7 |
| SHA256 | b70ad694d25e7585319a62a094a2e21f5d2195fdcf1b09fabd444a3045499357 |
| SHA512 | 25155aff6d250435f3def7d8878690d79aea9c5ba98910fb70c7506ec241d860185cd80d564b5060aee4597d8de55306fcfea353da1a348277e043038df826a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 10a8a83c6230c12a4890329a352f3617 |
| SHA1 | 6e3aa832e17bea6716802ee1ce873271349251a1 |
| SHA256 | 3876ec1287afebfe3ade64a0fc5d75b99a2273b37c90309cb0b5ef4b056bc1b4 |
| SHA512 | 49dd17a22eabc653394aa5a6c4eaf28d3d61cec7b7f835555d72a47b75d4983a98b0dcfd15abe426b83c29ccc6df062a46d972a66656872ae43b82286d3f859c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | c7fc68db8eb2e60b41d9eafae56791a4 |
| SHA1 | c95e84a84dd4acc219414dd0a6571dbd21cb8ce4 |
| SHA256 | 130450207e896ed768c4e7ad7f889844fd4cdfa634b981ab837e3626cacc7601 |
| SHA512 | fa0478f2894f8e9d691947d890c781a1440f1468b50c2691cedd293e4f6d6cb21dff2a3d5ad42e966bf719a6bcc047bec3427a5af21b2671fc8d59363252c9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 8be102e2c9ff27f0c1ad9d93138522f0 |
| SHA1 | 2e9233646304b9cb72f73b09d1e89fdef1d7369c |
| SHA256 | dd46a083bd9e98443f97cf9129cf8d4d782deac0c28e1f7b4a65df000f9e164f |
| SHA512 | e3a570317c4c770a9feff907a7386e5db454ca356ef974a8a141241c4bd24a989fdefca76bc01934768e3ab05ccced4da01a34f3c81d1b41c224b200cfd058a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 42e84ebcf5470237abd1f9e322b751fe |
| SHA1 | a828a45804554507d9e8521c36109e8bc3d5eca2 |
| SHA256 | a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1 |
| SHA512 | 36606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 46e6043b3a70e5986f0b72a748d9e3e2 |
| SHA1 | 5d3ac460401a49fb84286e0f8b9edf6167530fa6 |
| SHA256 | 171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005 |
| SHA512 | c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | ed6f3488a52d280647a945c2246fffed |
| SHA1 | 0886f5cc792b3e6871e518d4508cb9ee596291be |
| SHA256 | 23c4e914250fa50d586f63ea933645e6d371883236b1ef0584b7716a31eee09a |
| SHA512 | 20121497af10f067992a1bfe44e1177656b04b6b2315373d9ae094992c7062d4b579155b4e508b7c466a5d17ea5e16eb63258174fc33a62090c704e28389d041 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 66ea1c6bf26309f295083e8ffb5f6d2f |
| SHA1 | e48a9abc7cc21f755acf9150ee6b3e9f741226f4 |
| SHA256 | 7b6b7a436f160f8ccefbda751fc1e122e9a1c61fb75eec400159c999f3a4e1ff |
| SHA512 | 8d8e25f27532e16de0b5e08ddec7bc1b04d6fa3729c4fbc4a3ce23707dd9718b73c37cb3859889c41aed78cbb7c815159b9481ae7d496a4c375e96a1f042d57b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb8aa1d6e4ecf0e1_0
| MD5 | a22c3a33a76abc6ddc014107f18df6b0 |
| SHA1 | 689f46f4ab16407129cb5a0e7b2be4ad5ff3d739 |
| SHA256 | 75045ea030d515749de3896ad951d15631eab7f46cbfc0ee9bfc56b23ea65a62 |
| SHA512 | 7cd62c754cf7ebc5fc22861b82fecdef673c25cc3cdba33588ef75a0600ea7d4613fe047888199e4d77ae4cab050081c78602d8d962ef4a21cc498db8d9bb10d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e05eba8c1f7ba55c_0
| MD5 | d3e9142eb08e3c4517c9a85e7b1c278b |
| SHA1 | 56cf8f49235b104a3042de5bdc04a97b9d2fd9e8 |
| SHA256 | 22f3194285e32d617170b356458ccce212dd7c8d3f3f386c6596fb766e77cbba |
| SHA512 | 6e6bcc470e5823bfcc170ae72da2b8ef70aa6fd802c4e6224da634b25b690d6080fb1cc0b6cf983a509f036065cec3467341e20a474dfde7e4e412dd29f1f01a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\Unconfirmed 279720.crdownload
C:\Users\Admin\Downloads\Unconfirmed 606826.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\u.wry
C:\Users\Admin\Downloads\!Please Read Me!.txt
C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
C:\ProgramData\svchost\vcredist2012_x86_1_vcRuntimeAdditional_x86.ico
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe:SmartScreen
C:\Users\Admin\AppData\Local\Temp\vbcA3B8949CE4F407A9BE42FE8477355.TMP
C:\Users\Admin\AppData\Local\Temp\vbc69AD56439B15435A87547961AB47335.TMP
C:\Users\Admin\AppData\Local\Temp\vbc36064302E47541D9B3BB54ECA2227D76.TMP
C:\Users\Admin\AppData\Local\Temp\vbc316D1C839BC6472FA3CC695E67B995C.TMP