Analysis Overview
SHA256
ec57fcc6c15b4b30a1a35365b0875442cba750c93bb31155bad4b589af35e102
Threat Level: Likely malicious
The file Dreem V3.1.zip was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks system information in the registry
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Command and Scripting Interpreter: JavaScript
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
NTFS ADS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-27 13:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:56
Platform
win7-20240729-en
Max time kernel
479s
Max time network
481s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\FastColoredTextBox.dll,#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:55
Platform
win10v2004-20240802-en
Max time kernel
415s
Max time network
429s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\MasterAPI.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win7-20240704-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Blox Fruit Script.js"
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win10v2004-20240802-en
Max time kernel
122s
Max time network
149s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Blox Fruit Script.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
136s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Infinite Yeild.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4412,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:53
Platform
win10v2004-20240802-en
Max time kernel
330s
Max time network
210s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Super Hero Tycoon.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 13.69.239.79:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| SE | 192.229.221.95:80 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:59
Platform
win10v2004-20240802-en
Max time kernel
443s
Max time network
448s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\main.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\main.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2956 wrote to memory of 3548 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\main.exe |
| PID 2956 wrote to memory of 3548 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\main.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.64.52.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
| MD5 | fb454c5e74582a805bc5e9f3da8edc7b |
| SHA1 | 782c3fa39393112275120eaf62fc6579c36b5cf8 |
| SHA256 | 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1 |
| SHA512 | 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_bz2.pyd
| MD5 | 5bebc32957922fe20e927d5c4637f100 |
| SHA1 | a94ea93ee3c3d154f4f90b5c2fe072cc273376b3 |
| SHA256 | 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62 |
| SHA512 | afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_hashlib.pyd
| MD5 | da02cefd8151ecb83f697e3bd5280775 |
| SHA1 | 1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7 |
| SHA256 | fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354 |
| SHA512 | a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_lzma.pyd
| MD5 | 195defe58a7549117e06a57029079702 |
| SHA1 | 3795b02803ca37f399d8883d30c0aa38ad77b5f2 |
| SHA256 | 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a |
| SHA512 | c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_socket.pyd
| MD5 | dd8ff2a3946b8e77264e3f0011d27704 |
| SHA1 | a2d84cfc4d6410b80eea4b25e8efc08498f78990 |
| SHA256 | b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085 |
| SHA512 | 958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll
| MD5 | 4cdd92e60eb291053d2ad12bf0710749 |
| SHA1 | 31424e8d35459ba43672f05abba1e37c23f74536 |
| SHA256 | b30576b60aee548838243601952a05b70a9fc937f5a607f6b1413cd5ed04d900 |
| SHA512 | 80c3bb58817578708e14ba173bfbe8f62fb54efa22feb8ff08b9eefa4462b74062654f956f965c7caa8aa16295229b58ef9eea8d2c4c94652bde1e61038e6ffe |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\zlib1.dll
| MD5 | fa87d95aa4f9348d3f3b75d62a23658d |
| SHA1 | b8829e2ec83b1950ae013be60ed3e7616ce2ed80 |
| SHA256 | 21feea753a6f991f01bcf9d30afada06eca3a105e97d5d81998ef359c4fc86a3 |
| SHA512 | cb965cfc905b7c588bd2009d4915973a004de658b6153de9fe2ae8b27c5612b56de14b95499ec050b70d16f89f0313cd81a3afa827a30c38aa206e44c11ef283 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\tcl86t.dll
| MD5 | 108d97000657e7b1b95626350784ed23 |
| SHA1 | 3814e6e5356b26e6e538f2c1803418eb83941e30 |
| SHA256 | 3d2769e69d611314d517fc9aad688a529670af94a7589f728107180ae105218f |
| SHA512 | 9475cd1c8fe2e769ed0e8469d1f19cdf808f930cccc3baf581888a705f195c9be02652168d9c1c25ba850502f94e7eb87687c2c75f0f699c38309bc92b9004a0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_tkinter.pyd
| MD5 | 276791cca50a8b8a334d3f4f9ff520e2 |
| SHA1 | c0d73f309ef98038594c6338c81606a9947bd7f8 |
| SHA256 | a1c74836bad3d9b0aaec8dccd92e552b5ad583bfea7ef21cd40713a265d94f7e |
| SHA512 | ef1ed2eacf86885531fc0963c84c1c99773d963d5a709030df6cfee5027604e1402a55b6fe26019a3ab922fd27895d0e2ef5572a50195372b1bfb1539eac0dd0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\vcruntime140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_wmi.pyd
| MD5 | 8a9a59559c614fc2bcebb50073580c88 |
| SHA1 | 4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d |
| SHA256 | 752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12 |
| SHA512 | 9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_ssl.pyd
| MD5 | c87c5890039c3bdb55a8bc189256315f |
| SHA1 | 84ef3c2678314b7f31246471b3300da65cb7e9de |
| SHA256 | a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2 |
| SHA512 | e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\select.pyd
| MD5 | d0cc9fc9a0650ba00bd206720223493b |
| SHA1 | 295bc204e489572b74cc11801ed8590f808e1618 |
| SHA256 | 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019 |
| SHA512 | d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_multiprocessing.pyd
| MD5 | 2bd43e8973882e32c9325ef81898ae62 |
| SHA1 | 1e47b0420a2a1c1d910897a96440f1aeef5fa383 |
| SHA256 | 3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d |
| SHA512 | 9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_decimal.pyd
| MD5 | 492c0c36d8ed1b6ca2117869a09214da |
| SHA1 | b741cae3e2c9954e726890292fa35034509ef0f6 |
| SHA256 | b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1 |
| SHA512 | b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\pydantic_core\_pydantic_core.pyd
| MD5 | 690702355f29deaf8bad019fe8be4bd7 |
| SHA1 | fbd12b4934e0c7a0271eabbc45af2511b37193bc |
| SHA256 | 1f763dbdef13beadf8fc2e4abf4cfed64c3c458730484dfea53e2b12b1fb081e |
| SHA512 | e796e446c56222111e7a1b78d1e389b130d7406eaf66024acac8d57109f201298c93b9ccc3e09c4ccf9f60a4d75a59c417dd3919079dd56be832880aa73ac00d |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\watchfiles\_rust_notify.pyd
| MD5 | 0e84842bd809a278fda8046707c6a41a |
| SHA1 | a8ed45fc64e5ae116a934afc24d2c6a98e5ab560 |
| SHA256 | 5399f94e7b32253749ff2ec0839ddb5f2e76c2bcf12416507411a52986098662 |
| SHA512 | 083c3f33a31fa7a43eda16f95053994f4ebb9ca9eb657deeb1e493a9c0874f2fa0faa95773c4a992b52d572e74c790bba776cd558981219d56f74a8b97cc6537 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_uuid.pyd
| MD5 | 50521b577719195d7618a23b3103d8aa |
| SHA1 | 7020d2e107000eaf0eddde74bc3809df2c638e22 |
| SHA256 | acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78 |
| SHA512 | 4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\unicodedata.pyd
| MD5 | cc8142bedafdfaa50b26c6d07755c7a6 |
| SHA1 | 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe |
| SHA256 | bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268 |
| SHA512 | c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_queue.pyd
| MD5 | b7e5fbd7ef3eefff8f502290c0e2b259 |
| SHA1 | 9decba47b1cdb0d511b58c3146d81644e56e3611 |
| SHA256 | dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173 |
| SHA512 | b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_overlapped.pyd
| MD5 | 7e4553ca5c269e102eb205585cc3f6b4 |
| SHA1 | 73a60dbc7478877689c96c37107e66b574ba59c9 |
| SHA256 | d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91 |
| SHA512 | 65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\_asyncio.pyd
| MD5 | 477dba4d6e059ea3d61fad7b6a7da10e |
| SHA1 | 1f23549e60016eeed508a30479886331b22f7a8b |
| SHA256 | 5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6 |
| SHA512 | 8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2 |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\python3.dll
| MD5 | a07661c5fad97379cf6d00332999d22c |
| SHA1 | dca65816a049b3cce5c4354c3819fef54c6299b0 |
| SHA256 | 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b |
| SHA512 | 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\zstandard\backend_c.pyd
| MD5 | 0fc69d380fadbd787403e03a1539a24a |
| SHA1 | 77f067f6d50f1ec97dfed6fae31a9b801632ef17 |
| SHA256 | 641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc |
| SHA512 | e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd
| MD5 | d9e0217a89d9b9d1d778f7e197e0c191 |
| SHA1 | ec692661fcc0b89e0c3bde1773a6168d285b4f0d |
| SHA256 | ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0 |
| SHA512 | 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d |
C:\Users\Admin\AppData\Local\Temp\onefile_2956_133692400909620526\psutil\_psutil_windows.pyd
| MD5 | 3e579844160de8322d574501a0f91516 |
| SHA1 | c8de193854f7fc94f103bd4ac726246981264508 |
| SHA256 | 95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333 |
| SHA512 | ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817 |
memory/3548-122-0x00007FF993330000-0x00007FF99335A000-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:57
Platform
win10v2004-20240802-en
Max time kernel
418s
Max time network
421s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\main.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\main.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1336 wrote to memory of 4252 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\main.exe |
| PID 1336 wrote to memory of 4252 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\main.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.201.50.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\vcruntime140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd
| MD5 | 0fc69d380fadbd787403e03a1539a24a |
| SHA1 | 77f067f6d50f1ec97dfed6fae31a9b801632ef17 |
| SHA256 | 641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc |
| SHA512 | e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0 |
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\charset_normalizer\md.pyd
| MD5 | d9e0217a89d9b9d1d778f7e197e0c191 |
| SHA1 | ec692661fcc0b89e0c3bde1773a6168d285b4f0d |
| SHA256 | ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0 |
| SHA512 | 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\charset_normalizer\md__mypyc.pyd
| MD5 | bf9a9da1cf3c98346002648c3eae6dcf |
| SHA1 | db16c09fdc1722631a7a9c465bfe173d94eb5d8b |
| SHA256 | 4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637 |
| SHA512 | 7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem
| MD5 | 181ac9a809b1a8f1bc39c1c5c777cf2a |
| SHA1 | 9341e715cea2e6207329e7034365749fca1f37dc |
| SHA256 | 488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee |
| SHA512 | e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_tkinter.pyd
| MD5 | 1df0201667b4718637318dbcdc74a574 |
| SHA1 | fd44a9b3c525beffbca62c6abe4ba581b9233db2 |
| SHA256 | 70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076 |
| SHA512 | 530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tcl86t.dll
| MD5 | 21dc82dd9cc445f92e0172d961162222 |
| SHA1 | 73bc20b509e1545b16324480d9620ae25364ebf1 |
| SHA256 | c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03 |
| SHA512 | 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll
| MD5 | 9fb68a0252e2b6cd99fd0cb6708c1606 |
| SHA1 | 60ab372e8473fad0f03801b6719bf5cccfc2592e |
| SHA256 | c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de |
| SHA512 | f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zlib1.dll
| MD5 | 297e845dd893e549146ae6826101e64f |
| SHA1 | 6c52876ea6efb2bc8d630761752df8c0a79542f1 |
| SHA256 | 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1 |
| SHA512 | f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PIL\_imaging.pyd
| MD5 | ff0f2e5a156a73c3759fe19af09a18ef |
| SHA1 | d0b16481e537d981078afa091f7dc7f4da2b904d |
| SHA256 | b9e41e7137cfc7b873e96ada1c473babfd616d0ad7878221bb68c43b70190067 |
| SHA512 | 0077a54e105bb674f6f75187467ec15837ae1c6d00df3c708b4b1a0f4efe779c634dc2f9885b36e44c1a4f839e000ffd1a8666c23348dae19cf8b05c6182fcaa |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\watchfiles\_rust_notify.pyd
| MD5 | 0e84842bd809a278fda8046707c6a41a |
| SHA1 | a8ed45fc64e5ae116a934afc24d2c6a98e5ab560 |
| SHA256 | 5399f94e7b32253749ff2ec0839ddb5f2e76c2bcf12416507411a52986098662 |
| SHA512 | 083c3f33a31fa7a43eda16f95053994f4ebb9ca9eb657deeb1e493a9c0874f2fa0faa95773c4a992b52d572e74c790bba776cd558981219d56f74a8b97cc6537 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pydantic_core\_pydantic_core.pyd
| MD5 | 690702355f29deaf8bad019fe8be4bd7 |
| SHA1 | fbd12b4934e0c7a0271eabbc45af2511b37193bc |
| SHA256 | 1f763dbdef13beadf8fc2e4abf4cfed64c3c458730484dfea53e2b12b1fb081e |
| SHA512 | e796e446c56222111e7a1b78d1e389b130d7406eaf66024acac8d57109f201298c93b9ccc3e09c4ccf9f60a4d75a59c417dd3919079dd56be832880aa73ac00d |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
memory/4252-128-0x00007FFAD0A80000-0x00007FFAD0AAA000-memory.dmp
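Added example (my code, not part of the report): a parser for the Files listing above. It normalises the two spellings of the drop directory (the 8.3 alias ONEFIL~1 and the long name onefile_1336_133692400927749815; treating them as the same directory is an assumption, reasonable on a fresh sandbox %TEMP%), decodes the trailing number as a Windows FILETIME, and collects the SHA256 set for hunting. The onefile_<pid>_<time> layout together with the bundled _hashlib.pyd, _tkinter.pyd, PIL, pydantic_core and watchfiles extension modules is what a Nuitka onefile build of a Python application leaves behind (Nuitka's default temp-dir spec is {TEMP}/onefile_{PID}_{TIME}); that identification is mine, the report does not state it. Decoding 133692400927749815 gives 2024-08-27 13:48:12 UTC, two minutes after the 13:46 submission, which corroborates the FILETIME reading.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the first two file entries and the memory dump line
# copied from the report above.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\onefile_1336_133692400927749815\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
memory/4252-128-0x00007FFAD0A80000-0x00007FFAD0AAA000-memory.dmp
"""

# Nuitka's default onefile temp dir: {TEMP}/onefile_{PID}_{TIME} (identification is mine)
ONEFILE_DIR = re.compile(r"onefile_(\d+)_(\d+)", re.IGNORECASE)
# 8.3 short-name alias of that directory as it appears in the listing
SHORT_NAME = re.compile(r"ONEFIL~1", re.IGNORECASE)
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_files_section(text):
    """Turn 'path line followed by | HASH | value | rows' into a list of dicts.
    A path line with no hash rows after it (e.g. a memory dump) is kept as-is."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and records:
            records[-1][m.group(1)] = m.group(2).lower()
        else:
            records.append({"path": line})
    return records


def decode_filetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def onefile_info(records):
    """Recover pid and launch time from the first onefile_<pid>_<filetime> path seen."""
    for rec in records:
        m = ONEFILE_DIR.search(rec["path"])
        if m:
            ft = int(m.group(2))
            return {"dir": m.group(0), "pid": int(m.group(1)),
                    "filetime": ft, "launched_utc": decode_filetime(ft)}
    return None


def normalize_short_names(records):
    """Rewrite the ONEFIL~1 alias to the long directory name.
    Assumption: on a fresh sandbox %TEMP% the alias resolves to the single
    onefile_* directory present in the listing."""
    info = onefile_info(records)
    if info is None:
        return records
    return [dict(rec, path=SHORT_NAME.sub(info["dir"], rec["path"])) for rec in records]


def unique_sha256(records):
    """SHA256 set for hunting; entries without hashes (memory dumps) are skipped."""
    return {rec["SHA256"] for rec in records if "SHA256" in rec}


if __name__ == "__main__":
    recs = normalize_short_names(parse_files_section(SAMPLE))
    info = onefile_info(recs)
    print(f"pid={info['pid']} launched={info['launched_utc']:%Y-%m-%d %H:%M:%S} UTC")
    for rec in recs:
        print(rec.get("SHA256", "-"), rec["path"])
```

Feed the whole Files block of a report to parse_files_section; the normalised paths make the long-name and ONEFIL~1 entries sort into one directory, and the decoded launch time can be lined up against the detonation timestamps.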
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:52
Platform
win7-20240704-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\2024 star of the night Api.dll",#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win10v2004-20240802-en
Max time kernel
93s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\2024 star of the night Api.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:57
Platform
win7-20240704-en
Max time kernel
310s
Max time network
319s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\CeleryIn.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 14:00
Platform
win7-20240708-en
Max time kernel
632s
Max time network
751s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60bf47e187f8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "124" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{056970F1-647B-11EF-9F09-428107983482} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000008e587c72d8404c10d8e3819a39a69e269662395339d97dae0a02367c7a037141000000000e800000000200002000000026fdeae3bf621efc61e20171b7f6a92ee951402970df314da79ed7a597c3802c2000000034041c9c26c2bd9a429c2fd5658ed0d7f3ce2c929778e5868a9828189a41ef5c4000000018a91673da960f00c2bef012ae972b141722a5232908a70c0fe91cbd9a530ba1951ae8f8fa9a7fc21bbe651825e06a1bba5d1b912bf9d9df32c9f1c5f1c2918d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\dotnet.microsoft.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "124" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430928368" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Dreem.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 173.222.211.58:80 | crl.microsoft.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
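Added example (my code, not part of the report): a triage helper for the behavioral5 process list and network table above. The iexplore.exe command line carries a go.microsoft.com/fwlink URL with prd=11324 and sbp=AppLaunch; that is the .NET Framework download redirect the mscoree shim opens when the framework named in o1 (here .NETFramework,Version=v4.8) is not installed on the machine, so the IE processes, the Internet Explorer registry writes, the SetWindowsHookEx/FindShellTrayWindow hits and the Microsoft-domain traffic in this run belong to that prompt rather than to code of the sample. The helper pulls that out of the command line, ties the second IEXPLORE.EXE to its frame process through SCODEF (reading SCODEF as the frame process PID is my assumption), and lists any contacted domain that is not covered by the prompt page; the expected-suffix list is mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the three command lines and the contacted domains
# copied from the behavioral5 section above.
PROCESSES = [
    r'"C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe"',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Dreem.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2',
]
NETWORK_DOMAINS = {
    "ieonline.microsoft.com", "dotnet.microsoft.com", "api.bing.com",
    "js.monitor.azure.com", "www.microsoft.com", "target.microsoft.com",
    "microsoftmscompoc.tt.omtrdc.net", "wcpstatic.microsoft.com",
    "westus2-0.in.applicationinsights.azure.com", "crl.microsoft.com",
}

# prd=11324 with sbp=AppLaunch is the .NET Framework download redirect that the
# mscoree shim opens when the framework named in o1 is missing.
FWLINK_HOST = "go.microsoft.com"
DOTNET_PRD = "11324"
# Suffixes the prompt page and IE itself are expected to talk to (my list;
# omtrdc.net is the Adobe analytics endpoint embedded in microsoft.com pages).
EXPECTED_SUFFIXES = (".microsoft.com", ".bing.com", ".azure.com", ".omtrdc.net")


def parse_cmdline(cmdline):
    """Split a Windows command line into image and arguments, dropping quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def dotnet_runtime_prompt(cmdline):
    """If this is the browser launch the .NET shim performs for a missing
    framework, return what was requested; otherwise None."""
    image, *args = parse_cmdline(cmdline)
    for arg in args:
        u = urlsplit(arg)
        if u.scheme in ("http", "https") and u.hostname == FWLINK_HOST \
                and u.path.startswith("/fwlink"):
            q = {k: v[0] for k, v in parse_qs(u.query).items()}
            if q.get("prd") == DOTNET_PRD and q.get("sbp") == "AppLaunch":
                return {"browser": image, "requested": q.get("o1"),
                        "app": q.get("processName"), "shim": q.get("shimver")}
    return None


def ie_tab_parent(cmdline):
    """IE tab processes start as 'IEXPLORE.EXE SCODEF:<pid> CREDAT:<n> ...';
    SCODEF is taken here as the frame process PID (assumption)."""
    m = re.search(r"\bSCODEF:(\d+)", cmdline)
    return int(m.group(1)) if m else None


def triage(cmdlines):
    """Label each process: dotnet-runtime-prompt, ie-tab or unclassified."""
    out = []
    for c in cmdlines:
        info = dotnet_runtime_prompt(c)
        parent = ie_tab_parent(c)
        if info:
            out.append(("dotnet-runtime-prompt", info["app"], info["requested"]))
        elif parent is not None:
            out.append(("ie-tab", parent, None))
        else:
            out.append(("unclassified", parse_cmdline(c)[0], None))
    return out


def unexplained_domains(domains):
    """Contacted domains not covered by the prompt page / IE background traffic."""
    return {d for d in domains if not d.endswith(EXPECTED_SUFFIXES)}


if __name__ == "__main__":
    for label, subject, detail in triage(PROCESSES):
        print(label, subject, detail or "")
    print("unexplained:", sorted(unexplained_domains(NETWORK_DOMAINS)) or "none")
```

On this run every contacted domain falls under the expected suffixes, so the network table adds no indicator for the sample itself; the same check on a run where the .NET code actually executed would leave the sample's own destinations in the unexplained set.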
Files
C:\Users\Admin\AppData\Local\Temp\Cab60B8.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar60CB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3789a646feade20f497ef87ea19efd94 |
| SHA1 | 8243159079c8af14206cecf8ecbc0a0879e67748 |
| SHA256 | 87f31dea32b29b954292cc5785e6954989ff3772a14842f02c6e355e7c204787 |
| SHA512 | bb1fdaac8f935d7389308882cc8a3c40398b83ab35c32a5a4f335d918604be9a3c483dcbd1700dc127c8d872e0a58141ff00df145225d1e1ec042f28b0c70fbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c392b97a898d567eec6658909918b28f |
| SHA1 | 8a9e5496c8a45ea83dbebca32d787f4d37116902 |
| SHA256 | dd5252e320cceaa39435fff049ae9d623a4b3596aa80914d50d2d10dfc4e0f4a |
| SHA512 | 605575644b4070388d31d3fcbc32433d24fcf309e1e8ab2d871ccfb883ec4c191bd4c024e2a1802c24a049cbe36368eccfe816fdd0eada1ccfdb2cac48e592c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f77ff7b376613470c77a36563bfba5bd |
| SHA1 | 21774cf4b11c457e8ca2673855e2cffb02962ef3 |
| SHA256 | 11c778e1bb1f623bb82cc73a4f3d7603e36c255cdc72e15ec55a140ccbd22c24 |
| SHA512 | c4c87ca380cda0c8e976cff7bd8618095554372f4b4d78cd3e8806aa0f4221644df6484e540c4849f1e2da552bb9838f99872b188b0c1b15476bc5fc1de832ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e7e7b3cef84b8c0acb6ed3768d4b688 |
| SHA1 | 739b6551e2a09a2839570d98363de7853d7f5931 |
| SHA256 | 868d4bb36e5432ed292e9c727100e4b8ca60a6f6022d21fb3219a1be682075ac |
| SHA512 | efa519c67a2050dfcdfa369d6744e21cc4d52ad118f9728e913a21ec239e27c2ff81d31fe09fd1558a8547f482035e9de8847eaa98ba64e63a3408a3a8131795 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e47a4f09ba6130f475c87c16f36eb682 |
| SHA1 | bbcdf9629f50de9307fde7de5ef37d1d2530c8d0 |
| SHA256 | 68297fa46d1944a2d279838d511086dbc740513414b144f999ec6a68f9bbbf93 |
| SHA512 | 2ed2779dc0d32c8935d95b4c85e7be431505d10dfee4d44697948702b0dd01fae20d45a35d7621e54cd6ccf677aec3e11ddf512f27f425e21b66f82e669d75d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a7b579da8d6dd6a725ee650114e009f |
| SHA1 | 0034922910e58f8de93e94946cd06b0619abb148 |
| SHA256 | 8f41525ce8e8f141562d0f831b0eb5b728cb28cbcb63413ce6f8f07472541d0d |
| SHA512 | f1b4c1cd0fd5589b2b283316456b5e98086b6b41bd6a7dcaab51ba7e4e0f62575bc85c83203673bfcb5ab3da28202aa244accd750c7efd7af9addc388efb6145 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dbbef27af57f0458fe3c7ba6c3cb942 |
| SHA1 | f98cc9ed487d22fc5fc23def84718170570f8690 |
| SHA256 | 072d84e5ab51925e7b43f473300583a38526adf533763dd4ecad2e20141c14c6 |
| SHA512 | 9977db22ef5830f262942609571f7083f7627fb59047664cc5537136dcd5955a67cbdd4df24957b41aaad868fdc72424a1c3271528281d007cb7c17d53b0ca32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f9bbdef112cc733072609d5262ca68e |
| SHA1 | 496a6da44f45bb1e7da089ca3020da9af2c25485 |
| SHA256 | 34ce38c6ec1518e5fbd0ca13e79e3f3b2860a95425d1664cc8f7a2732001b62f |
| SHA512 | 0e6152fe37cc7aa8e4910935e5913b301aa8bbab9174e4cdbbf472a8aba37d44ab7b227d6709fe3fb15e17d70ea512ecbf3235965d1d66e1e47af4c4d5e3bded |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d07c0d0f2722f7e90abe110d19261e85 |
| SHA1 | 6985adaf5cd034cb0b712037fec35ea357fc5b11 |
| SHA256 | 1da15432b6b9c6237931c2dd4e710bed9b4dfcf5bac759a99f053cb826f507fb |
| SHA512 | e9cf463402a6fb492fb101598333456c6434e6f20d42c77834a48edf4a20b2c3fe26fe966ab1421ebd2140b025da7d02aad10c6e7d2337f036394c4ac29a1801 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc6f7eb188ce123319ff11949d789116 |
| SHA1 | a37e9566dbb6cce712e0981546128f8414fa1aed |
| SHA256 | 45744e7301a4b6c182d6615f12e90627868af3afa91a8f98f9655462bac20191 |
| SHA512 | 0f593731bbfaea1bc1d2c98046609565884d6de2ca4e4b8604276e8cd53a420235ba4d89297f991669050167ee1d963da7b3a473a6ed9803b95d1d16e470fa64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6f36e4c62ab375f81d0791c5505e654 |
| SHA1 | eea241300ab9bb862569ba55b71a461c6abc6440 |
| SHA256 | 1577f47f22cf56f1dd4dbb551b4f276923a2b2f504fa73903357b755a825f95e |
| SHA512 | 55c1d831e82b8e0b77d69cf923f3b264ee65404b4b203761f02858478531f4de6a7f502191855635ddfcf2917343195c619e361b5fc8b1e30a56a0e44ebb70a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b43bb1074cc42c29fef357d1a01a494 |
| SHA1 | 6307b632236617da02a4cdc6ca11a5dd6ef71061 |
| SHA256 | 725d2545f465c0aa25b667c75d4e1bcd6089ae4e686849b0a03727df8a022014 |
| SHA512 | 613a9b279a6c5ea4d25485db71605b27b3d5c80a79a81718825b19d549bf16f6891f21523d87705ae6f617d209d5f0be734383f0792e48f40e6d702c92da4962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fcd11746eb7aed56c9641feb251f95f |
| SHA1 | 34013fa8eb2b9e4b03e05b907131d869b91c188e |
| SHA256 | b86b241be3eb40472d422aeb2cc400aedf6313f2124d553abb2b877ec5a937b0 |
| SHA512 | 728593780ef0e4a55930c6472988a268c27bbb47e550a9efc968a02b3291fef0d7975bcf0d8d7bee91b9f4c365289f641d30850cd383004aab2d9e47d6209657 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b21986063ce2b6ed244401c242ddc6fa |
| SHA1 | 7b70bdf68b9c3938cbc075a2c9fdf34a2643674c |
| SHA256 | 03bb6eb565c517240a81ac9eae206c7230646e8b852f4ef1b37960c20f381974 |
| SHA512 | a8959aae04c5744a6af8ee211666036d3b26a95b6c9f08f2cc4859b58b9dfd05c437d5f1cab6614f070bd332a782445896d4fbb6d2259e24b3340278ce11914a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2375319b63500c08936bc3891057d809 |
| SHA1 | 9492b35d9d91ab0181e2d704d828335148bed6ff |
| SHA256 | 9ecef2994924ef122eb00db6096db499954316cf3ab9a9270cbc4cbf5900a908 |
| SHA512 | 87e25a54b5ed2af15a9efd4cf3ff252ee0e3f73d62c18b771b4580751b4a07b333f8e2195d90c0fcdf50316b53a418908e8a3aa1cb5731ea45d39d342a1acc6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 889227294f0f31ae18e1c0daa745dc32 |
| SHA1 | aa3a136b602a53f982a4b3100aa1b31cfff6b623 |
| SHA256 | af245c1954b24f50295c6d8b3dc955fa9bbe5ef42a0cdcfcbb65829f8887eac3 |
| SHA512 | 5d3ae449437fe525f766d04963d2f804c6670448372fb1c9d7e1ee61f1c379e35945a8ad7d2552da8fcdb455cef9a3f5887d8ff3b0b3aab589a8af3b15de3f6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e22e17d6d5fc5f2099f2f5b6b999cc05 |
| SHA1 | a7194fd139e59233a78b1843515d024920fe41b6 |
| SHA256 | beeb43f2ff97742076a05da2cbaadc4663af45db1d46a4882850b6da3a905c18 |
| SHA512 | 8bbe490bcc8609d22bae6b3f152b6d1b42779ff46a7203b899b70035c3ed9754c0a7c177fd0779662630b80493b359c367bd0d25a90194220d06257c2aef4a9f |
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 14:01
Platform
win10v2004-20240802-en
Max time kernel
776s
Max time network
781s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\Icon_Play_Dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\ButtonA.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\ExternalSite\guilded.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\icon_showmore.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\StudioTheme\clear.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TagEditor\Close.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\return.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\CenterPlus.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\img_eventMarker_min.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\RoundedCenterBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\button_lock.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\New\Unmuted60.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxCrashHandler.exe | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\msedgeupdateres_kk.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoduxDevtools\StateTabs\Full.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\resizeHandleDropShadow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DefaultController\ButtonL3.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\msedgeupdateres_ko.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_end.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\ExpandArrowSheet.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Help\AButtonLightSmall.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TerrainEditor\arctic.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\transformOneDegree.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\9SliceEditor\Dragger2OutlinedTop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PlayerList\CharacterImageBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ControlsEmulator\PlayStation4_Light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\avatar\compositing\CompositLeftArmBase.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\TwemojiMozilla.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Radial\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\mtrl_mud.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\Sarpanch-Bold.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\WarningIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\ic-more-blog.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Banners\MonsterCat.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\DPadLeft.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_3x_1.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\models\AssetImporter\bonePreviewMesh.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\eventMarker_inner.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\R15Migrator\Icon_DotDotDot.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Tabs\Shop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\ic-favorite.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-cjv.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\PivotEditor\SelectedPivot.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 31835.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_3892_133692403361655813\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_1924_133692403467404317\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_824_133692403583990535\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_4596_133692403642718366\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Dreem.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffead4846f8,0x7ffead484708,0x7ffead484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1104 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe"
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3892_133692403361655813\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_1924_133692403467404317\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_824_133692403583990535\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_4596_133692403642718366\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU2C34.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTEyQjNFMkItMkNBRC00M0FGLUE5NEEtN0Q2ODFGQjcwNjlFfSIgdXNlcmlkPSJ7RjBCQTdGQ0ItNzAwRi00QjQwLUJFMTEtNDBDNDE3QjQ5NTBFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RjczNEM5NC1GMTE0LTRDMkItOTc0Ri03N0JCMEQ4NjA4RTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{512B3E2B-2CAD-43AF-A94A-7D681FB7069E}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTEyQjNFMkItMkNBRC00M0FGLUE5NEEtN0Q2ODFGQjcwNjlFfSIgdXNlcmlkPSJ7RjBCQTdGQ0ItNzAwRi00QjQwLUJFMTEtNDBDNDE3QjQ5NTBFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3MTE2MjA5NS0yMUU1LTRCRDAtOEJCRC01Qjk4QkNCMEIwNzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDAwMzYzMDYyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7077223326480025071,14000373995464679995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 92.123.142.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| US | 8.8.8.8:53 | bitly.com | udp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bitly.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:8050 | | tcp |
| US | 8.8.8.8:53 | playroblox.com | udp |
| US | 103.224.182.246:80 | playroblox.com | tcp |
| US | 103.224.182.246:80 | playroblox.com | tcp |
| US | 103.224.182.246:80 | playroblox.com | tcp |
| US | 8.8.8.8:53 | ww38.playroblox.com | udp |
| US | 76.223.26.96:80 | ww38.playroblox.com | tcp |
| US | 76.223.26.96:80 | ww38.playroblox.com | tcp |
| US | 8.8.8.8:53 | c.parkingcrew.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 8.8.8.8:53 | 96.26.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.above.com | udp |
| US | 8.8.8.8:53 | d38psrni17bvxu.cloudfront.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:80 | www.google.com | tcp |
| GB | 99.86.249.202:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | 30.178.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.249.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.122:443 | r.bing.com | tcp |
| GB | 92.123.142.122:443 | r.bing.com | tcp |
| GB | 92.123.142.139:443 | th.bing.com | tcp |
| GB | 92.123.142.139:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.142.123.92.in-addr.arpa | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| FR | 20.190.177.21:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| GB | 92.123.142.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.en.softonic.com | udp |
| US | 151.101.129.91:443 | roblox.en.softonic.com | tcp |
| US | 151.101.129.91:443 | roblox.en.softonic.com | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.65.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.65.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.65.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.65.91:443 | sc.sftcdn.net | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 151.101.65.91:443 | sc.sftcdn.net | tcp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.193.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.65.91:443 | sc.sftcdn.net | udp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 18.172.148.233:443 | www.datadoghq-browser-agent.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | di-images.sftcdn.net | udp |
| FR | 172.217.20.187:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.148.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| GB | 108.156.39.15:443 | config.aps.amazon-adsystem.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.7.141:443 | cdn.btmessage.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 151.101.193.91:443 | di-images.sftcdn.net | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| GB | 108.138.233.47:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | 948dc98bce479b22de3280bc905f2bcf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 142.250.179.65:443 | 948dc98bce479b22de3280bc905f2bcf.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| GB | 18.245.220.173:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| IE | 54.228.205.114:443 | ad.360yield.com | tcp |
| IE | 54.194.124.85:443 | ap.lijit.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| FR | 142.250.75.226:443 | ep1.adtrafficquality.google | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| IE | 52.51.104.112:443 | id.crwdcntrl.net | tcp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| FR | 216.58.213.78:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | 47.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.220.245.18.in-addr.arpa | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 63.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 114.205.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.124.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.104.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.239:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.104:443 | gem.gbc.criteo.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 23.46.72.29:443 | contextual.media.net | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 35.169.164.106:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 92.123.140.19:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| US | 23.22.234.152:443 | api-2-0.spot.im | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 52.71.88.198:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| IE | 34.247.108.243:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| NL | 89.149.193.84:443 | ssbsync.smartadserver.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 44.225.43.141:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| IE | 34.247.108.243:443 | match.prod.bidr.io | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | tcp |
| FR | 178.32.210.230:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.72.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.164.169.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.108.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.234.22.23.in-addr.arpa | udp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | 198.88.71.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| FR | 5.135.209.105:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.207.16.201:443 | equativ-match.dotomi.com | tcp |
| NL | 35.214.249.215:443 | csync.loopme.me | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 44.225.43.141:443 | jadserve.postrelease.com | tcp |
| FR | 5.135.209.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | udp |
| FR | 5.135.209.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| GB | 2.22.101.110:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| FR | 23.33.233.45:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.210.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.249.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.43.225.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.101.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.233.33.23.in-addr.arpa | udp |
| US | 199.232.209.91:443 | softonic.com | udp |
| US | 104.26.7.141:443 | api.btmessage.com | tcp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 151.101.65.91:443 | en.softonic.com | udp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | bb79c9f8bca6a1a1e0d158610d06f32b.safeframe.googlesyndication.com | udp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 54.239.38.253:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | udp |
| IE | 54.239.38.253:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DK | 157.240.200.14:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 253.38.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | track.scoota.co | udp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| US | 216.239.32.21:443 | track.scoota.co | tcp |
| US | 8.8.8.8:53 | assets.scoota.co | udp |
| GB | 18.154.84.88:443 | assets.scoota.co | tcp |
| US | 8.8.8.8:53 | 35.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| GB | 18.154.84.88:443 | assets.scoota.co | tcp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| IE | 54.154.100.61:443 | pixel.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| GB | 18.245.253.90:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | 88.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.100.154.54.in-addr.arpa | udp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.247.108.243:443 | match.prod.bidr.io | tcp |
| US | 52.71.88.198:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 44.218.120.49:443 | dt.adsafeprotected.com | tcp |
| US | 44.218.120.49:443 | dt.adsafeprotected.com | tcp |
| US | 44.218.120.49:443 | dt.adsafeprotected.com | tcp |
| US | 44.218.120.49:443 | dt.adsafeprotected.com | tcp |
| US | 44.218.120.49:443 | dt.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | 90.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.120.218.44.in-addr.arpa | udp |
| GB | 163.181.57.236:443 | leap.ldplayer.gg | tcp |
| GB | 108.156.39.117:443 | s.ad.smaato.net | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| DK | 37.157.6.254:443 | c1.adform.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| GB | 163.181.57.235:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 236.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| FR | 172.217.20.214:443 | play-lh.googleusercontent.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| GB | 79.133.176.186:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | a7e538190882f1dc4514b9c4984f78b4.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| GB | 18.245.143.7:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| FR | 172.217.20.206:443 | fundingchoicesmessages.google.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | 214.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| DE | 52.57.54.158:443 | ih.adscale.de | tcp |
| FR | 172.217.20.214:443 | play-lh.googleusercontent.com | udp |
| FR | 172.217.20.206:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | res.ldrescdn.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 158.54.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 49.31.18.104.in-addr.arpa | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 185.235.86.239:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.104:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| US | 8.8.8.8:53 | api.ldshop.gg | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| GB | 99.86.114.111:443 | apien.ldplayer.net | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.219.66.74:443 | invite.ldplayer.net | tcp |
| SG | 8.219.66.74:443 | invite.ldplayer.net | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | tagan.adlightning.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| GB | 216.137.44.108:443 | tagan.adlightning.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.66.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shop.ldrescdn.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| GB | 13.224.222.43:443 | shop.ldrescdn.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| GB | 163.181.57.237:443 | ldcdn.ldmnq.com | tcp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| US | 8.8.8.8:53 | 153.161.49.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.57.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.68:443 | push-sdk.com | tcp |
| FR | 142.250.75.226:443 | ep1.adtrafficquality.google | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| DE | 178.63.248.56:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 68.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 236.72.119.168.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.247.108.243:443 | match.prod.bidr.io | tcp |
| US | 52.71.88.198:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| NL | 128.116.21.4:80 | www.roblox.com | tcp |
| NL | 128.116.21.4:80 | www.roblox.com | tcp |
| NL | 128.116.21.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 108.138.217.124:443 | static.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 124.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| NL | 128.116.21.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 173.222.211.34:443 | apis.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 34.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 10.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid-stag.setupad.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| NL | 147.75.85.97:443 | prebid.a-mo.net | tcp |
| DK | 37.157.2.229:443 | adx.adform.net | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| NL | 81.17.55.161:443 | prg.smartadserver.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | 97.85.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setupad-d.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 172.67.68.162:443 | prebid-stag.setupad.net | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | usermoderation.roblox.com | udp |
| NL | 128.116.21.8:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| GB | 92.123.142.144:443 | tr.rbxcdn.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 44.209.73.167:443 | aws-us-east-1b-lms.rbx.com | tcp |
| GB | 18.239.236.85:443 | c0.rbxcdn.com | tcp |
| DE | 18.194.82.69:443 | aws-eu-central-1b-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| GB | 18.239.236.85:443 | c0.rbxcdn.com | tcp |
| DE | 18.194.82.69:443 | aws-eu-central-1b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 8.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 144.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.73.209.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.82.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t3.rbxcdn.com | udp |
| GB | 18.244.114.69:443 | t3.rbxcdn.com | tcp |
| GB | 18.244.114.69:443 | t3.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 69.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 54.241.161.217:443 | aws-us-west-1a-lms.rbx.com | tcp |
| US | 54.218.50.215:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| GB | 92.123.140.73:443 | c0ak.rbxcdn.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 54.241.161.217:443 | aws-us-west-1a-lms.rbx.com | tcp |
| US | 54.218.50.215:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 73.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.161.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.50.218.54.in-addr.arpa | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| NL | 128.116.21.8:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 173.222.211.57:443 | setup.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 57.211.222.173.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| IE | 18.203.117.181:443 | ap.lijit.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 3.251.24.2:443 | ad.360yield.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 181.117.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.24.251.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| NL | 128.116.21.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.53:443 | clientsettingscdn.roblox.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 173.222.211.57:443 | setup.rbxcdn.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 53.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:60551 | | tcp |
| N/A | 127.0.0.1:60555 | | tcp |
| N/A | 127.0.0.1:58037 | | tcp |
| GB | 173.222.211.57:443 | setup.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| IE | 54.171.59.74:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| IE | 52.208.45.33:443 | ad.360yield.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| IE | 52.208.45.33:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | | udp |
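The table above mixes three kinds of rows: UDP/53 lookups of a name, TCP connections to the address that name resolved to, and reverse (`in-addr.arpa`) lookups of addresses already present in the table, plus a few loopback and name-less rows. Repeated identical rows (for example the six `res.ldrescdn.com` connections) are separate connections to the same address, not extraction duplicates. The Python below is an added triage example, not part of the report and not sandbox-vendor tooling: it parses rows in this layout (tolerating the two malformed shapes such an extraction can produce), groups them by name into lookup counts and contacted IP/port sets, turns PTR names back into addresses, lists names reached over plaintext port 80, and decodes the `onefile_3956_133692403292101493` directory from the Files list that follows. That directory name is Nuitka's default onefile unpack path, `{TEMP}/onefile_{PID}_{TIME}` (`ONEFIL~1` in the same listing is its 8.3 short name); reading the TIME field as a Windows FILETIME gives 2024-08-27 13:52:09 UTC, which sits inside the detonation window at the top of this report. The sample rows are copied from the table; everything else is illustrative.

```python
"""Triage helpers for a sandbox report: reduce the network table to indicators
and decode Nuitka onefile drop paths. Added example; not part of the report."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: rows copied from the network table, plus the two malformed
# row shapes such an extraction can produce (a loopback row with the protocol
# shifted into the name column, and a DNS row with no name cell at all).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.roblox.com | udp |
| NL | 128.116.21.4:80 | www.roblox.com | tcp |
| NL | 128.116.21.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | 8.21.116.128.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| GB | 163.181.57.235:443 | res.ldrescdn.com | tcp |
| N/A | 127.0.0.1:60551 | tcp | |
| US | 8.8.8.8:53 | udp |
"""

PROTOS = ("tcp", "udp")


def parse_rows(text):
    """Parse '| CC | ip:port | name | proto |' rows, tolerating shifted/missing cells."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or ":" not in cells[1]:
            continue
        ip, port = cells[1].rsplit(":", 1)
        proto = next((c for c in cells[2:] if c in PROTOS), None)
        host = next((c for c in cells[2:] if c and c not in PROTOS), None)
        if proto is None or not port.isdigit():
            continue
        rows.append({"cc": cells[0], "ip": ip, "port": int(port), "host": host, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'8.21.116.128.in-addr.arpa' -> '128.116.21.8' (reverse-DNS name to address)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def summarize(rows):
    """Group rows by name: how often it was looked up, and which IPs/ports were
    actually contacted. PTR lookups, loopback rows and rows without a name are
    set aside; they carry no indicator beyond an IP already in the table."""
    hosts = defaultdict(lambda: {"dns_lookups": 0, "ips": set(), "ports": set()})
    ptr, loopback, unnamed = [], [], []
    for r in rows:
        if r["host"] is None:
            (loopback if r["ip"].startswith("127.") else unnamed).append(r)
        elif r["host"].endswith(".in-addr.arpa"):
            ptr.append(ptr_to_ip(r["host"]))
        elif r["port"] == 53 and r["proto"] == "udp":
            hosts[r["host"]]["dns_lookups"] += 1
        else:
            hosts[r["host"]]["ips"].add(r["ip"])
            hosts[r["host"]]["ports"].add(r["port"])
    return dict(hosts), ptr, loopback, unnamed


def plaintext_hosts(hosts):
    """Names contacted over port 80: traffic an inline sensor can inspect directly."""
    return sorted(h for h, e in hosts.items() if 80 in e["ports"])


# Nuitka's default onefile unpack directory is '{TEMP}/onefile_{PID}_{TIME}';
# 'ONEFIL~1' in the same listing is its 8.3 short name. The TIME field decodes
# as a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
ONEFILE_RE = re.compile(r"onefile_(?P<pid>\d+)_(?P<ftime>\d+)")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_onefile_dir(path):
    """Return the PID and creation time encoded in a Nuitka onefile temp path."""
    m = ONEFILE_RE.search(path)
    if not m:
        return None
    created = FILETIME_EPOCH + timedelta(microseconds=int(m["ftime"]) // 10)
    return {"pid": int(m["pid"]), "created_utc": created}


if __name__ == "__main__":
    hosts, ptr, loopback, unnamed = summarize(parse_rows(SAMPLE_ROWS))
    for name, e in sorted(hosts.items()):
        print(f"{name:24} lookups={e['dns_lookups']} ips={sorted(e['ips'])} ports={sorted(e['ports'])}")
    print("plaintext:", plaintext_hosts(hosts), "ptr-for:", ptr,
          "loopback rows:", len(loopback), "unnamed rows:", len(unnamed))
    print(decode_onefile_dir(r"C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\python312.dll"))
```

Run it against the full table by pasting the rows into `SAMPLE_ROWS`; the `hosts` map is the deduplicated indicator set (name, resolved IPs, ports), while `ptr` shows which addresses were reverse-resolved and should match IPs already in that map. Note that `ONEFIL~1` paths carry no PID or timestamp, so `decode_onefile_dir` returns `None` for them; use the long-form path of the same bundle.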
Files
memory/1956-0-0x0000000074E7E000-0x0000000074E7F000-memory.dmp
memory/1956-1-0x0000000000310000-0x0000000000428000-memory.dmp
memory/1956-2-0x0000000005370000-0x0000000005914000-memory.dmp
memory/1956-3-0x0000000004E60000-0x0000000004EF2000-memory.dmp
memory/1956-4-0x0000000004E40000-0x0000000004E4A000-memory.dmp
memory/1956-5-0x0000000074E70000-0x0000000075620000-memory.dmp
memory/1956-6-0x0000000074E70000-0x0000000075620000-memory.dmp
memory/1956-7-0x0000000074E7E000-0x0000000074E7F000-memory.dmp
memory/1956-8-0x0000000074E70000-0x0000000075620000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_1316_FPSOURQIIKACQROS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c25108dab7f2aa6c79fc564b95aa998 |
| SHA1 | b8265eab3c53bb321662159170ffdb52306690c2 |
| SHA256 | e452a4cf55986b50217c8d28e57d54f2d50ab286a30bc94bade41746c9068f78 |
| SHA512 | 58572378ca4e9a96a5dcd6c324f2e2762f2662bad78ddf896c6ce610adcfa1d9c08357320edc24e768468bc45e8e9b0a40ed0bd51d04ebf95c9d46a14899294a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9db9ae07da2e26b265067917645e490c |
| SHA1 | 505b82a0754cec2b87f79628543ceda3368d0ca4 |
| SHA256 | 38acae793ba832da377f741f352015ad74d453e5c7aab69a5c639c3ef6535d79 |
| SHA512 | abec3e9821a4341176196053cc7631034cdcb068db1cb49a376126a3715e92c13c7f7bebaa597050b02b8277241d7cf0bfe49f3c3ecee382d82b4481fcbe7342 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d129c4a2abf80475be3f58881aaac9a7 |
| SHA1 | f08556e716c7d952fcd06d494f147ce756b9553e |
| SHA256 | 19291ef4e71d15bffe404dc9157ea7e629e5ef4f48ec1c9dd387f72034d72cfd |
| SHA512 | 8c0855a3818166922d6c87ae708adfa915924da0712b0949ef0534b4d26ae03029d9d2094ec92b69735c4db38e5d9a2704b4f23bbe59706a9b318c99d36bd661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df9b14ad3ec736eafdcb81c660206151 |
| SHA1 | 574646d93b93a90bdecad1ddfcd3687c84058686 |
| SHA256 | c6fa8318c825a58d27a260b5e16be813f4459a92d4f9612f9909663bd5a9e1b8 |
| SHA512 | c6383a13884d884570721cf9aab3656fe1b5693f6a614bbd4e33b708c7741fd861a999bcb9c6f788e1abe4dc0111199575fe893252fa2a3cdc5779cfad340572 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b94db96cac6b4c1af53d6cc5381f47dd |
| SHA1 | c2b70c4a1718aa438c00956134e7c6c5e2eb01e6 |
| SHA256 | 432b0b14a03911363224d996525251ab11062afcceaff8c2d27585fc5d5fac79 |
| SHA512 | cf92eb3d68a35ae2e8d795df8ea0f78db912904dfbb4532f510b22a19976babfe1dd4ff25d54b6e03de8ebd23d154bdee44fb0ed54bc48d96bf7ad52b710e8d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 296c06901372be7881f18a7bb2979007 |
| SHA1 | 281c139c103e420ae0364fa47fbc3e0f121a940b |
| SHA256 | d5d5d4dde5c9ce561463c705ae40671dd108fb4cb36c57c31c845d7196d13cf8 |
| SHA512 | 3e0138657f4b8a28f71e0e99bd67022313d8dbf01f270832c473185039931ba0deb5135e9fab62547e694a047a1525c0f7497758a3036ac9ab113bf4966e5e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c8a83a6d2f32bbed4555deb52c3ed6f0 |
| SHA1 | 598d66d179dbdffded4ae289cf80addd354079fb |
| SHA256 | f526a9b6ed61b430da8852cba8fe8dec303581007400afa08a0cb968cf998a36 |
| SHA512 | 0c981fd88e6e63f0197edda398b914f446463195cf6f9a5501719168ebb93beb463f2006ab54f7af29fa0e6157e9e9deaa0ee24fbc74f8228db86aa292b55f4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c2cb9d594434d0b5e1f4ce7d25adf5fd |
| SHA1 | d06addae3bd6e510116d17b7e4629273fdb97ab3 |
| SHA256 | cd688bbd3362c401efb849d54b5ba0fd7f7c76ce203a74b6e09050ff05a07e4d |
| SHA512 | 105db8929c9a7749dac879adffb2020086f7c34a9a4db55533909c8072e795b763fc49173bac8a95b6aa6143e97bfc9eaed421e1dbd71c997757a83e4087fd9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ccba9a48d13e5f755e35738d8151640d |
| SHA1 | 4ceee44dcc5356aa1a287d000eae0f6a37ec645d |
| SHA256 | d43129b338c8bf3492587364a7f5c1edba05bf7eaf1a0118f42afa49ba10628c |
| SHA512 | fcce85e0616fc756dc8b9db5b97a86397e5d9f4c2c641c5a0d694d81d04d1e8ddb704ff9e3f3b927f102959f28aa2daaade4796583b60d6021e2ecb84eda1262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7992ed2af12da84aef53081db1a112b4 |
| SHA1 | 2d929c9f1dbf6e26d5b9d115873e203d2c616485 |
| SHA256 | 269c1422820d8649b13f9f1c6f77ea35474853911809cf1fbfcd759c760ff689 |
| SHA512 | 1e03d8e540547be38690b2e881e4ab0f51cd9b8de63825c681880d33de5b3fbff86d55232ebad556e9a632068bcecc74587308daf0bfcaf3ebe9a5552b85126b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63253ee4cc7e784e653952a141aadaa2 |
| SHA1 | 8a3f4c13925cfc71044606aa1a4815ecee825cea |
| SHA256 | 1a855f3f8c348038359268fc7a5f0a2edbf862e79a1c47d4a6aefd5fb7f997e1 |
| SHA512 | 012cfb7ec55e848182d32b2f8b4199753642c83041878a3b3f7e0f5acebfa5358da0e6820e78bf0fabd48135b771aa325fa51e87a1bbdcd01ce7f98b9b48f712 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c7edb01fd5e12fcd609d7fd2d05dda27 |
| SHA1 | 74ae1bebdac67de463f3043dbfdacb9a7891a7f1 |
| SHA256 | 1abb461531024db9fe7b728d44f6e49cd10189e9025d4704597ec8f35d0130a9 |
| SHA512 | cd655637216744bf5239408501df0faa5ef64ad18a600261c94b3a996a23740604cdef29dd0f6468e7272d021a2406cd36172f5d2382693fab0942329aa6b955 |
memory/1956-217-0x0000000009090000-0x00000000090E8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 78fabb7d7ee999ce7f5e82e3b84beeb9 |
| SHA1 | 8410a789b1d0aa1ba0e76d299988710f59f65a30 |
| SHA256 | 31220182ce9f6f3214ff6f2bdc48d9941ef53c04bde9898aa12a567fdaea7c8f |
| SHA512 | 66e247b06ef59acc41ed3f47707843c47b3f79503610595894bbce92cf6bbcb9bce32342a69a0e6c047af24886ddae619766c2b9fa5d50ceae48ccf6eb3c879f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 702b2bec3cf50dcea32ad63e4729a9ba |
| SHA1 | f7c853642677443cc1a145e08f885c0a2f183db2 |
| SHA256 | 8f3aabc1d67a21af9ce067ccbe040757dc7ee1aaf3f2d20f0fc516c0f736b04b |
| SHA512 | 0f5e4d6674453a390fc41b8a68479cb063816ec9b35f99b6a4913ade7424db8b3a9464d4cacca49d0a6241317960fc333707e56402822a8d988089af206e94d6 |
memory/1956-236-0x0000000006140000-0x000000000614C000-memory.dmp
memory/1956-237-0x0000000006150000-0x000000000615A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\zstandard\backend_c.pyd
| MD5 | 0fc69d380fadbd787403e03a1539a24a |
| SHA1 | 77f067f6d50f1ec97dfed6fae31a9b801632ef17 |
| SHA256 | 641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc |
| SHA512 | e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd
| MD5 | d9e0217a89d9b9d1d778f7e197e0c191 |
| SHA1 | ec692661fcc0b89e0c3bde1773a6168d285b4f0d |
| SHA256 | ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0 |
| SHA512 | 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd
| MD5 | bf9a9da1cf3c98346002648c3eae6dcf |
| SHA1 | db16c09fdc1722631a7a9c465bfe173d94eb5d8b |
| SHA256 | 4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637 |
| SHA512 | 7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem
| MD5 | 181ac9a809b1a8f1bc39c1c5c777cf2a |
| SHA1 | 9341e715cea2e6207329e7034365749fca1f37dc |
| SHA256 | 488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee |
| SHA512 | e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_tkinter.pyd
| MD5 | 1df0201667b4718637318dbcdc74a574 |
| SHA1 | fd44a9b3c525beffbca62c6abe4ba581b9233db2 |
| SHA256 | 70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076 |
| SHA512 | 530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tcl86t.dll
| MD5 | 21dc82dd9cc445f92e0172d961162222 |
| SHA1 | 73bc20b509e1545b16324480d9620ae25364ebf1 |
| SHA256 | c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03 |
| SHA512 | 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll
| MD5 | 9fb68a0252e2b6cd99fd0cb6708c1606 |
| SHA1 | 60ab372e8473fad0f03801b6719bf5cccfc2592e |
| SHA256 | c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de |
| SHA512 | f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06 |
C:\Users\Admin\AppData\Local\Temp\onefile_3956_133692403292101493\zlib1.dll
| MD5 | 297e845dd893e549146ae6826101e64f |
| SHA1 | 6c52876ea6efb2bc8d630761752df8c0a79542f1 |
| SHA256 | 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1 |
| SHA512 | f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3 |
memory/5060-352-0x00007FFEBE550000-0x00007FFEBE57A000-memory.dmp
memory/2468-440-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\_cffi_backend.pyd
| MD5 | 0572b13646141d0b1a5718e35549577c |
| SHA1 | eeb40363c1f456c1c612d3c7e4923210eae4cdf7 |
| SHA256 | d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7 |
| SHA512 | 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\_win32sysloader.pyd
| MD5 | 7cff63d632a7024e62db2a2bce9a1b24 |
| SHA1 | 6a0bc8add112cc66ee4fd1c907f2f7e49b6bd1cf |
| SHA256 | df8ba0c5b50ca3b5c0b3857f926118efbeb9744b8f382809858ba426bf4a2268 |
| SHA512 | 3fc02cb3bbd71b75bdc492dc2c89c9d59839aa484cfaff3fd6537ae8bb3427969cd9ef90978f5cb25a87af8d2cae96e2184fdc59115e947a05aa9e0378807227 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\_elementtree.pyd
| MD5 | b479ed301e990690a30fc855e6b45f94 |
| SHA1 | 177b508a602c5662350dae853b5e9db1475908a7 |
| SHA256 | 0c488e6883a70cd54a71a9e28796f87ef6cc0d288260a965cbb24bf1d7309a20 |
| SHA512 | d410355bfe39a7666e7297d3654b0b8dd3919d4ae3bbf7d258acdf76276ecc3ba3718f09ba708e3103d367ea6d352e98b6de265e3746b973b421e0a68b8d37a8 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\pythoncom312.dll
| MD5 | a2cc25338a9bb825237ef1653511a36a |
| SHA1 | 433ded40bab01ded8758141045e3e6658d435685 |
| SHA256 | 698b9b005243163c245bfa22357b383e107a1d21a8c420d2ef458662e410422f |
| SHA512 | 8d55d3f908e2407662e101238dacdbd84ae197e6e951618171deeac9cfb3f4cb12425212dbfd691a0b930da43e1a344c5004de7e89d3aec47e9063a5312fa74b |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\win32clipboard.pyd
| MD5 | 01c9936ead560347ebad0b628331d4d0 |
| SHA1 | 9242df0a2af96af6c921c70cef93ce7c77ac1784 |
| SHA256 | 716affdf4b3ae017d88cb52f7ada2a9b936e19a8362fe32bcfa1c44b9e418e86 |
| SHA512 | 6ff23c7205001471d779595635e26989c24a458c10a232f71bcec4082c89aa1bee9a5c1703a0edd7414c88a95d49fe588ae2c844bc423bcaacc9b40c34a955b3 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\win32evtlog.pyd
| MD5 | e789d89b5dbdb33d2022cd7fb11c2b90 |
| SHA1 | 0839ee5cdf5b24264fb65ccbd32005ec683d81a9 |
| SHA256 | 7caa0a481e17cff16e1129628fef036101fedc06c843b9a39ee062c7c88d5b5d |
| SHA512 | 6a0ee3015a2825a75c92e285cd3346a657f57055e05bc40b961712e2ec1674e5bb9720ce48b957044d62483d39618612a757c23aa3f5a8680fc8e6fe2785f5b9 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\PIL\_imagingft.pyd
| MD5 | 5fc0e5da57115cb24dd939d339676814 |
| SHA1 | f837b094781ccd14295deb3feace3a16522ed624 |
| SHA256 | bf914fe4affbaa43aa81e20e5c050a8082ed81ff36413aa6d7b28c1f17a36b6f |
| SHA512 | f9b31695a95165b82e4de0fa409154d42b05f8802a74677f8707a9b5552d124ccae73db0ec1d2fd6cb5fe66caf20cf27f91ae813a5ea4419bbd3d96718caabb2 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\PIL\_imagingmath.pyd
| MD5 | 3ff6dd84e279e61656db569e9a7689fa |
| SHA1 | 58e828aee13d698fe99bbf2e45dc87b0aef41267 |
| SHA256 | 7f3530e6ce99582cb275be15bbc7be5e0bc3c1aeeabf1b6c3af09f9668f65284 |
| SHA512 | f433a7d58eef67ab2805b542c559a97736c3bcc67a2760efabb2eef80577ba4bd3cc5076294e5dbd219d1728d6293a0bb4e0a1b9ae4f8bb359835a41ffc09b76 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\aiohttp\_http_writer.pyd
| MD5 | 298c09cdb73ccdbea4af7dfd8c3f4c6a |
| SHA1 | dde21d42bbad3a661d233885b3648b2324461880 |
| SHA256 | ee33769db55edd1c1081c97914559e4629446fd688b6de676eb12ad63c3ed48c |
| SHA512 | cecf679c7e4faf1d0c2be7b90252bc616557161dcc3cb7600f92bb9eb39eb2697520f787f6f1aed36ffd206990cd75b99178662cdd2f15a4ebd2b9224422532f |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\aiohttp\_http_parser.pyd
| MD5 | eb838f04e3f68266bf681800235f93be |
| SHA1 | 260a4caebee45a07cf5394a8fc8dbb76f3176344 |
| SHA256 | cd5463f593c4f0bb9fced6a868c449f237e2fba1a1cc8224b288c39674ce2bea |
| SHA512 | 4fe67a57e8cebf1c665b9b006f19baa8cd38f3a1f3c15cf60bb1dc92c26bb87564eb225a732e8babccdb1d375c5e49bf99850a3f23a9f2846f6485205282422d |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\aiohttp\_helpers.pyd
| MD5 | 46b9a0dc3c81fb53e6d3d0c0b665ad34 |
| SHA1 | 84dcf992d3d39ad118d799a6db241e264efe3a63 |
| SHA256 | 1fdae029896a54522f75291d2ce84a6b296bb0264ea8f2d2b9a46fbec16fee1e |
| SHA512 | 88424e43cda11d75feb4bb4af2a323c08feae4ac4251f5eee077fb62a9ced84632bc24c6523e6bd12a8a54b93160e510a631b30c725883149e61b10fbf5d84d5 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\PIL\_webp.pyd
| MD5 | 89fb0bcc6336a7f70371f6780676c78d |
| SHA1 | 7448018e565afb73b4c8da63815526df23945c05 |
| SHA256 | d35b0433b128e9dbf900cac0f8f73e78735de717b46c8ca3bd15a94da135620d |
| SHA512 | e2498fa3a306a1a541d124471d2e776b8671441d71cb83a8ad5812e74f9342a25e2f67ea4ddb86ea48601db2dae8ff4ee0ed8ae44b16de0efdd30ae6745040ed |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\PIL\_imagingcms.pyd
| MD5 | 6a141b845c2b4144ed0dbc7f53ff6803 |
| SHA1 | 60b665279b562741d0289aa07b735d7af8f2b173 |
| SHA256 | a0bb33298dcc52da966f7a934c4838e32e20438eb8db929d4ad12fd042fd0922 |
| SHA512 | 99f992f09adbb3d6be9446a709c068faf5514bcfe05490c86d5c220974c8c0d06b2ed76ef055e997c755a9e916e1411fc4083a7f5c8d520cf2a46ec84cca5aeb |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\aiohttp\_websocket.pyd
| MD5 | 79d28e2d26261ab3615e91ca6c25d66d |
| SHA1 | 79bcf07bac4f6ae124fda93b5fb79fd7b99d5ac3 |
| SHA256 | b96f6d3509f8420020c21e5448617ace540454585f1f3ac0f0f82f46d40ecd18 |
| SHA512 | e29aaa2a809c062dfb6a0db5eb9b2e36ac142df4e132dffd04374f97cac955aeba853b78f21052699c9198832c6cae123042b26f77ddb986a4a80bb3d75ef0b2 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\httptools\parser\url_parser.pyd
| MD5 | 60ce3acbf7943e051c8e5e44f95daecc |
| SHA1 | a70aa3a7a34bb6b5183b7b756328591eaefcb7dc |
| SHA256 | de0940893905c0d957b4d66f05c2a6f1a6e167577098cb16aef52d7d008bc71c |
| SHA512 | 572ab441179214fbae9a9c22f217ece224563f639793ae41a5fc14f9452990182bd342eaf56ff227ff65ec29eb30b1ae16b440c2d0afa0f6cb878cf1c8b86762 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\httptools\parser\parser.pyd
| MD5 | 197a20d55b9e4e581d30b80e063313f0 |
| SHA1 | 2ec6246cf938af720bd297a79acf96e869c48bf9 |
| SHA256 | 45cf440b9f42ef54944ef77282574b44668f259a2d356f7ad53b6dfd61ac7d4b |
| SHA512 | 6ef2cb8f2a2c2b133b62c7695c38d40b5e66b3988f330599e2d5909b316fd62426db55f9e5c4543c40758657085b9d8690d29d54150d02c556c200f1aa9db041 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\frozenlist\_frozenlist.pyd
| MD5 | d7193bea71087b94502c6b3a40120b04 |
| SHA1 | 51aa3825a885a528356ba339f599c557e9973ec3 |
| SHA256 | 886375bc6f0ff2bbd1e8280f8f1cb29c93f94b8e25b5076043cd796654c3a193 |
| SHA512 | c65cef39362a75814d40132f4f54f25f258c484dd011b12ae7051fa52865f025c960e4a3130c699b7eb1be375a3d2c3c3b733d6543338d7e40aad0488d305056 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\multidict\_multidict.pyd
| MD5 | ab3685f651c7821bbf03baf1d436b617 |
| SHA1 | f6306217ecaf5fa1dc8c78260d02dd2716903316 |
| SHA256 | 1ef9e6eaff88cdcc0a32346b7b266a0e1d19716ecac07f16a189a7057ce971f9 |
| SHA512 | 08e4d615ce5f9c565d54a16b1f475b6ad746b5d8e7f17248d235b5acd474333036bb33671c887bb64794b56ec910af28efbb7bed8bdea2eddd4bcd81c1b1fb70 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\yarl\_quoting_c.pyd
| MD5 | 44eb05d3c409e626ad417ed117068160 |
| SHA1 | dc0c4446e0601a2d341a09cda68ce6d2e466c040 |
| SHA256 | f306e375e186c011585dea2bc875530fb7d734861db388764a2aa307b1b68df3 |
| SHA512 | 51194721d5ed968d40394f784a4708e6282d7c28b45b387165ae44eb5798f58432e85f743f798dae2c79722c88f5e8bb61c31ea37110781aa2368c6b4a4a45a2 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\yaml\_yaml.pyd
| MD5 | 55b11a967b77c25af37bd020db5fb3fe |
| SHA1 | 9449ace86d400d031833db471b6cf3a641de6457 |
| SHA256 | 087881df55b9fe1d90bd11f89b6c9516dfd20ac330e40f97dbcc188b0cb034e6 |
| SHA512 | 7bba1567792899108a26913c0e2114ee0ac92f88a4b821b9cedad6be47518fdea1e1999a25049f18869b0fed28fcdd8e69a11e865c16557509e4e2101930fcd3 |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\websockets\speedups.pyd
| MD5 | aeed28bc093d2134425b4547a4420bce |
| SHA1 | 4b73cd31ba8aa7ca4b9b69987ef9df9c749121d3 |
| SHA256 | 51a536d4ac626826b1536bc2f522d0410829acd47a0284babc849d501a25a330 |
| SHA512 | 92ab3fd601be9386e11d4a50b11616871426ec5dda957ac5510373b0d457dfe614d12195e1ac6499ebfa7f3330bbcec4017b802e401ecd8853c42932e0b55b4e |
C:\Users\Admin\AppData\Local\Temp\onefile_1196_133692403398556984\zstandard\_cffi.pyd
| MD5 | afa2b9e9c7153750794acfdf4bd0e416 |
| SHA1 | 19c521d35dcf6bc1546e11ece12904043be16fdb |
| SHA256 | 14db1d573f7ba8f41563bbc7cda6f1a46e5f86c1b7096d298593971a0b1c6c60 |
| SHA512 | 38e2ec7f45c6ac7cbc0d5ab7ca94ddf47fc72067507d699fa32f42aa8a4187579724645e45042929140c832c83457011ef83914e397d6f8713a6e018b2823c6b |
memory/3488-528-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
memory/1936-616-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\win32api.pyd
| MD5 | 3a80fea23a007b42cef8e375fc73ad40 |
| SHA1 | 04319f7552ea968e2421c3936c3a9ee6f9cf30b2 |
| SHA256 | b70d69d25204381f19378e1bb35cc2b8c8430aa80a983f8d0e8e837050bb06ef |
| SHA512 | a63bed03f05396b967858902e922b2fbfb4cf517712f91cfaa096ff0539cf300d6b9c659ffee6bf11c28e79e23115fd6b9c0b1aa95db1cbd4843487f060ccf40 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\PIL\_imaging.pyd
| MD5 | ff0f2e5a156a73c3759fe19af09a18ef |
| SHA1 | d0b16481e537d981078afa091f7dc7f4da2b904d |
| SHA256 | b9e41e7137cfc7b873e96ada1c473babfd616d0ad7878221bb68c43b70190067 |
| SHA512 | 0077a54e105bb674f6f75187467ec15837ae1c6d00df3c708b4b1a0f4efe779c634dc2f9885b36e44c1a4f839e000ffd1a8666c23348dae19cf8b05c6182fcaa |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\win32process.pyd
| MD5 | e3ad93e6ef7b66887b2055b0951847d5 |
| SHA1 | 68ee4247077229ef117ac9b639ee12bf5fd6364b |
| SHA256 | 681875cdc970134c36f178b57b26cf279e72e2a80bc9f31a2f7740f2d6834b5d |
| SHA512 | f0c0cf1b75ce6e9ec8af50433fd35c1ccbb497654fef4606916ac430b438e51a1dd3d94b847f13d7dad85ea2a93813c0a1fc33808af0c1ccf621c87d25725e0f |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\win32gui.pyd
| MD5 | 4ee5cfb68e56a5ba61248ae92c60e8c0 |
| SHA1 | 50f064a2cb91284130f99637d2756ac07af85b01 |
| SHA256 | e3698280ff0c7769c1cdacf302688735cf4ab632989e1312d2a45747e79f5df2 |
| SHA512 | b173c595a8f7d66000ae5bf88abc7d411a5af01c5ac2ef73a162199f2f77404654a7f08a9e3e2f3319f5002459cbcb953311641af525f627e077ebeb7240dc4f |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\xxhash\_xxhash.pyd
| MD5 | f9c864d191ed68d70e32762e1fd202cd |
| SHA1 | 57c03e53f089a982b9b47f395e9bd35743b55358 |
| SHA256 | b3bb9549b73af9454daa84336bfa1e1b57ea0eb619dd7270c21051dda6d4520c |
| SHA512 | 2f597be2589de6fd2f685a020c374dcf7f36338a5f682c72d36617dfce11e284ebec82ebb901162335a774466e4657b6e82b3027b4d396d6d47473322e3c8fd5 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\watchfiles\_rust_notify.pyd
| MD5 | 0e84842bd809a278fda8046707c6a41a |
| SHA1 | a8ed45fc64e5ae116a934afc24d2c6a98e5ab560 |
| SHA256 | 5399f94e7b32253749ff2ec0839ddb5f2e76c2bcf12416507411a52986098662 |
| SHA512 | 083c3f33a31fa7a43eda16f95053994f4ebb9ca9eb657deeb1e493a9c0874f2fa0faa95773c4a992b52d572e74c790bba776cd558981219d56f74a8b97cc6537 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\pydantic_core\_pydantic_core.pyd
| MD5 | 690702355f29deaf8bad019fe8be4bd7 |
| SHA1 | fbd12b4934e0c7a0271eabbc45af2511b37193bc |
| SHA256 | 1f763dbdef13beadf8fc2e4abf4cfed64c3c458730484dfea53e2b12b1fb081e |
| SHA512 | e796e446c56222111e7a1b78d1e389b130d7406eaf66024acac8d57109f201298c93b9ccc3e09c4ccf9f60a4d75a59c417dd3919079dd56be832880aa73ac00d |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\psutil\_psutil_windows.pyd
| MD5 | 3e579844160de8322d574501a0f91516 |
| SHA1 | c8de193854f7fc94f103bd4ac726246981264508 |
| SHA256 | 95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333 |
| SHA512 | ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\pywintypes312.dll
| MD5 | 26d752c8896b324ffd12827a5e4b2808 |
| SHA1 | 447979fa03f78cb7210a4e4ba365085ab2f42c22 |
| SHA256 | bd33548dbdbb178873be92901b282bad9c6817e3eac154ca50a666d5753fd7ec |
| SHA512 | 99c87ab9920e79a03169b29a2f838d568ca4d4056b54a67bc51caf5c0ff5a4897ed02533ba504f884c6f983ebc400743e6ad52ac451821385b1e25c3b1ebcee0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\python3.dll
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\_uuid.pyd
| MD5 | 353e11301ea38261e6b1cb261a81e0fe |
| SHA1 | 607c5ebe67e29eabc61978fb52e4ec23b9a3348e |
| SHA256 | d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899 |
| SHA512 | fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133692403509261604\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
memory/4408-704-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
memory/3984-792-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
memory/2080-880-0x00007FFEBE190000-0x00007FFEBE1BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 31e8a76eef78a664b2578d9ccb1d4bf9 |
| SHA1 | c1c9db4fb559eccd62bb455182bacb0e6558ba84 |
| SHA256 | 815bb156eb228b7eed852ed5b8bedb69fa972da76191e9bbfd025891dca1ed1d |
| SHA512 | 32732fff5cbf5e306d57416c1429a6afd8a734c7b7df7f26a2e46c8e9d63710a1e45a7965cd2fe041fe3c6c226a89dbb173335d46d82e96c492ae70a2ac2d571 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cf9783e57f4a351ab9c4aaf5fd24a1e7 |
| SHA1 | efbef75611016de4ee90ce384da5323b461a49fd |
| SHA256 | 2b746c2153fa31eb12428c0a17898f19984a7697e77c27cfde3d07269cca98ee |
| SHA512 | b552f9cadfba071eaf82b513de842de10c48b7ed060a0da1ce0d9775cc1e5d06fa117afe97dd88aea542ec8bba4147f8fddd0f042d19a6d1192b88db3c4263aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 66ec9baaa27b2df9979cd35bf7455a0f |
| SHA1 | 1ed2b2ba420728446ec0df9581a27987eafc6f78 |
| SHA256 | 4ec6a742ead16fea252c5729e7eead4bf2bbb764b8e53fae90af92a9c3ec5500 |
| SHA512 | 3abf65931bdd008b20a2d90f9d4496df6d04864d55bb3d1f69b1a13a20a140b2fc5bdb7ff1f7a71b1a1a8d9bbde416b5d351135fbe46961fcafd5770e48f2357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 46c06d372955cabe37c58c1db1627924 |
| SHA1 | a5b5852b145396d0e03cec2cfca4ccca46970a70 |
| SHA256 | e44856b5a74cacb9ca528c2a5ef4c6e2aee7d86674f21c11bbeb246a9f6beae1 |
| SHA512 | 296184706f93c8074901a0d36c6b7af71b04bfdf2c6553ca191791632a86429708de1c8582cdc41318cd82b09781a1f6f899b74e95706617a7b5a30031892c4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa3ad1d7cd21f5182f9319e658411305 |
| SHA1 | 90fc611d4254bf0e0847fb2d30bc7341dadd2e0f |
| SHA256 | a927259408caa88dadf22632e0f83ebe9eeae618665317d818933db8859c7ce7 |
| SHA512 | b53ce239ca82ef7b5955685bf14fc0ee322d732cec1699c6cc5aaafae86e24026c216a88eda5207a77fb0f1f2b934486b22acb7318a6de427ea50b48d4a300da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 282657e876a9a216213292e6c6187055 |
| SHA1 | 7ce0a1d9b8dc5fde93abcc610257fb2103ebfda5 |
| SHA256 | 1c216a41ea92c4e60b46efda327ea916688f31bb9f1df624518b0804042206d2 |
| SHA512 | 6ad6c249519e9a5a996ebec69927d1eb0986c53c871d616504003cc9c521a5deacc20bbd114d895fa80619deda8da83eb1c3f7a0fa892a775d58405ef84bfefd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 235e21b54604fb37a8d22e11bc1c0b51 |
| SHA1 | 2b3ad31f17d2a5ff551db92661d5a3de69a5c694 |
| SHA256 | 6aa93250f8ce9a73b44dd2fa2b011610ca27ba62a48c790eb7f784b21eda78f1 |
| SHA512 | a66cc491d68c34c45a0f84108bb17462dab1bb33b91c0a1c9915501f4ce44cf4ec77157df0916bbe68e9eb8a34d1e8848eab6c11bbde4201b487e8b8d0030b83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a2183155f45bc6d1ba00282a8218f08d |
| SHA1 | 5775c7fb8460da0050e7cca4809d374d627985fd |
| SHA256 | 6813c8abda26917cd65b1b41bffa7256094b553c45c0d57eb60b00da0db2e48e |
| SHA512 | d2a951040023b74587473d0a684a3536cbb293ec6e773b36e33cf8496ffde3233ee2e974f5c2bf763af353f9d300b1ae69becffc6d14a60b5a4bc38641b30d6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ff03c187c5115acbc9fcd64a1505624 |
| SHA1 | 963d1b81fb8d2b4b47fad0a67bee91edf50bc039 |
| SHA256 | d977f09506cb6fa584fb08b545d875657c210db1169d1d0c6c88cb0b4824f1c5 |
| SHA512 | dc1fb0d8c574eddba75b5c49010ea50e8ef00637910c329380449356c62420077ec8f84b2a13debc79f347f6709526ff1ccf6525f8f78b21cc871c356ed21b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 2257803a7e34c3abd90ec6d41fd76a5a |
| SHA1 | f7a32e6635d8513f74bd225f55d867ea56ae4803 |
| SHA256 | af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174 |
| SHA512 | e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c47e2abb85fd5426478e394a993b99d |
| SHA1 | 15146df8596b6d36abe07a6f226c04288b9b6705 |
| SHA256 | ef7c590d28fc84da41b0686e75a6a7bbd7015afcd20c499c4ce9076a8cd658c0 |
| SHA512 | d82479b3b42ea6f63f99d91c6ef2a260ad8bf47c6509e49d9205c1193839be518bee5171077833fc1a32731bfcf33a994bea6f0d5e5516f9228e43d1027b7631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ebeba.TMP
| MD5 | df24ab01c8a57f518114f45f65fb9bc1 |
| SHA1 | 9786c203b9374150a4c84b900794599c34ca22b6 |
| SHA256 | c0ddf591a142e9df8535b390b8136aed06be70d9a222e0c3cc8800659a984e8d |
| SHA512 | 43cd4d9a4fdebe0dd71b998632426f617e3ffc4a6f3834e5d4a076eb0204b591b374444a36b139c7026c887c80eab39586f1eb20ca15382b5db6d3b046a00ab1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | e93848e7f29b9126e8c2ed6b0bc630a7 |
| SHA1 | 10c9807e351a13104c0ee913fe7002f6324199d6 |
| SHA256 | 4e857dc011248d1ccd8fcf8972714cccc44d7045e0b9dcc18e663b2d754e4bc6 |
| SHA512 | 54c9b845fef1dacf236f88e7a7de0d1b36a4a4bd20eb926d81ccb6a3f8e7ff78c04ea24fe757c677a2007249713dde30dbb18edefad38d0ad6888d61aa14fca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 681684b98337ff2d590ec8145f8f95d4 |
| SHA1 | a3d12dd3e20be6520c06bda3c188ab58478370e6 |
| SHA256 | 6ed6c1fd7cf2572a27b0de9b5797bda243394eef1cce39c5583b9aa8e9b6ca26 |
| SHA512 | 0743b836ce01b920723eb59e79ceffe2a068ec1dfb55523ac7850ebd9c432788677f0327c9ce8b27aa60d9d8e9294b08bdda53c20651f38f1cb0be073a859a2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 628ce839b7ca6c1b57c69d892425577b |
| SHA1 | 6125cc9f6f13d0d404c3896f75c378a60ffc4853 |
| SHA256 | 6b4e54f7460b7123eb3b0fcd6f921befe4388e34e3c68bddeb3487616239c638 |
| SHA512 | 2cc807318bb4d974cb6c71e8164050078ac1ce3933de46ead440349cd0ace09eff53f06d6572d1dece30b1b132749c4fd2de0f026add1d78d49e5a67bb2e432a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | 5e6f83cf268f0f61ebe3ff8c8bc8e8f4 |
| SHA1 | ca8e6a5fb11c6770ca15b4048423b026c2039cbd |
| SHA256 | 6c9c6cb5ba68bf49796f9264b2d55bbad19bd4f3c9959fa6a8de8535de273bf1 |
| SHA512 | 3a5ebb30c06ec163adaf5499ac6b237b9351ee697c0d4f361e1aef659dd33a7087b16886dad5288383e33850dd5b70f882dfef3170a48dab472d495b3953e312 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 19a3928e66f3d99256821c74031e1947 |
| SHA1 | 08a85904578fd955c4b5d14d8aacfc47099bd35e |
| SHA256 | 77d1e5595cb083b74750469dfd43e97c099def538e8dbf01b74d6aeb7b283ffc |
| SHA512 | 16ae3675b5433081db6d7841bf7cc226c04e096b0751a6ada8028aef4ac41e87cf67e2d047f76df1fa487efa14b69858236210804a149df4c9c878f85e44752d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 67e30bbc30fa4e58ef6c33781b4e835c |
| SHA1 | 18125beb2b3f1a747f39ed999ff0edd5a52980ee |
| SHA256 | 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba |
| SHA512 | 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | e108cc3d1cf6dd5675e64f40ce87fa10 |
| SHA1 | 6fb4b6b9aba31ef89135c0f8d88ce83f8bc77e57 |
| SHA256 | dd2a649fd2ea6bd6af87a03b9d3c349e2c4945890ea6773ccb59943da5bc0222 |
| SHA512 | e4b61694779d95b8c784d49cedaf4cb735122f295a2bcdcda55a61180dd1d6cfa5d18512bb1190eb01d28fb3bb12f6ff95850ce7ddb6a89b419ee8ab13fd59e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 56e9a4a5fcc169a2ba5d506888a22811 |
| SHA1 | 3d670ca8adc3463937c10bcfb197eba9af3e1819 |
| SHA256 | ec37ab9b09e8d870dd294ff699423a51bcebf737d20288ffe6cca36a595943ca |
| SHA512 | 59c27d90ea9a226de5d8e333342cac99e2b08d89a2b0fcf562611d8c58a78fead87eceb8162c9274fd921eb1d2895afdbec50421f3c3b08665ad2f99c85b5596 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 3d921990b4729fc72d377dec588fd425 |
| SHA1 | 8b65f575bf82fc2389d90e095f37e1628c4ccde5 |
| SHA256 | c8e2509b7a95582f94fe5d30a2f33820a1a2351220347e8a03e4bf2244f25eab |
| SHA512 | e7c7c7a3fe996123ed40684fa205c632413f4e6d61eb616e8e2c0dcd8ceddd5fd679949ced783576491750b860c8efe9c006f816b4533ab1a5b0a8f17007a60d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 16d236b5c786e8013d1704f87b945efd |
| SHA1 | cef4df3078b0b19211347272284b30ac37a70533 |
| SHA256 | b96a07d23d2ef500026d58b5142af74af4da73f68443dd8e2ed6d2cad204aa1b |
| SHA512 | fe190238d3aaf4ca191fa200c8d14145aeebc95ac51b1bc2f1513071c1481282ef0f7058dcb8944b651cc217c196ee5178c0456eaf291cdc01de8cfa44b4ba38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 7651b1187bb58ac4c7be625337b35e5b |
| SHA1 | 307d969ef4137a66fe2793737dc1c546587c7f43 |
| SHA256 | 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968 |
| SHA512 | a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | da0932ac2265a80a595ec247da24ef76 |
| SHA1 | 7c8a7e1c1bef681f1a8cd6c5783e18ccdeb47531 |
| SHA256 | 0c109398b8feb4805643c2af56a59d3a4dca4bb52cdb2e21a3bc545830dadf94 |
| SHA512 | 6488c36f1b5544046b0a6563628e9ee2da59de80e4ac49c8ba2cba77b4cf47e10f32116cd67acb897629877c386a729278fa980306a5f7b8c5bc3da1de67efc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 301ea2f3142454e9cbef2d4ba993ce00 |
| SHA1 | 77ad1e4eb9189296fb5ed3133e488005163efd36 |
| SHA256 | 95f398a423f5f0029d932f6f304bb46b071d3b27fd373c92579b815d32909304 |
| SHA512 | 3ab4ea72def2638ea52e4dfcaf8feb7e0e06a640fa11252e7169ea59b708f8f684f6baf289f0fad3d617999d6c87b3c7f30cb26900724991431f743ac23c89f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 592a193443e50c2fee58aa2fdc26a324 |
| SHA1 | 4cd3a50beb62547bc7f1de816ae480a071bb8db5 |
| SHA256 | e1f6bcee8bda99ee1e162e9ac53af2bd1510e14bee56a8c01391fc64c756ec41 |
| SHA512 | 12d7a6f40d948d9289115f9cac584febf4a6c4a222c255e68704dd2ec50023091211ac9ac86623d16bf9de06dfcc391fcc6c1df41dd89332431d69fbca86673e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 618c8c64b6a5fb21aea06ba1c3907012 |
| SHA1 | 6f074e7452f897ea862ed7e2388866c9fcc1174f |
| SHA256 | a18cf46969f60903d8f72895d3aa25548e0064b37255bad5a84ba6cfd6990e9a |
| SHA512 | cd7a51cb04afae3fddb8a8dd2863f8bf0a4cd473e0ed35cecbb7e7ab59dd2590e4bbde804e503fd31a2b3307559cb49a30d6dd8ce6c183c0fb2eb7693b26eb50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | d6c2839990a382e7d8ecc7a6eba5c743 |
| SHA1 | 63c3b8976aefee0378796e7a7c41de783ab4f06d |
| SHA256 | 8e287c97289fbc126d17879c303e2fa7c1bbd37854afa5ee003b63ccfc3ca481 |
| SHA512 | 3297ca91769e30b073a3362cf181814120e5b518e936e32799919c9bd501e99bf01d4c0699e8bef2c42af967420d61f61fdee47e1f4cd5a09764b2be20a56010 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | a85641dbbc2e737f08a83875d8e7706e |
| SHA1 | 6e4acbef413babea2733c3c689ccfd7788e2091e |
| SHA256 | c274acf372114f67c76a61b7df530b657e371997ba617b000363342c0abaf3db |
| SHA512 | 9b967a390c47d29be598ea89691f9944927ce2335bd4f296402055b9432941707e2a22672e55d5d6684adf0f2e46506749585b51c53b05631e316065af3916c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 97a3bed6457d042c94c28ed74ec2d887 |
| SHA1 | 02ce7a6171fb1261fde13a8c7cbb58992e9d5299 |
| SHA256 | ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67 |
| SHA512 | 6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 775589dcf98a29397db7a07eb233a2f3 |
| SHA1 | 081cc08e5db6a98f838a5a3038a2c03cb3af7477 |
| SHA256 | 4b3d7fc807dcbd3088018906e12f69ac20c5780671bd698c36be48e6aa862ecb |
| SHA512 | b835a59df5a0bd8d521311d145aceb3222723e29bd1787b7c8a6512f62dc2746e164b1ace9d4d2c3bb5540935e9f9e1e6042139b3e5b4ba59beee4760969c423 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | c02fb8608ca04acde783da84c14e2af7 |
| SHA1 | 43596e7bdcb87062bb7a669bbcaa3fb499df8f52 |
| SHA256 | 355554c2fef2e9103e0c2d01f8d1ed5dfe958d4fa1630bc0dadf8e7d0e1885a6 |
| SHA512 | 4d4a341a671489c068e852acd507c659d288067b14735f8e67f04e2499c3152de401bb4c688a3b9a5697356f10912a2e653f1301d23e8c642a8f4f1ed6d9eab1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 79cf44db94eb465700d65a45a527b379 |
| SHA1 | a9ea6a3d2b3a3a61bf80caa643b077dc7fc10787 |
| SHA256 | 78996e6ffff1656b85b4b50393b4a9f1133550694f87e66f9c2b937bc7dd2c4e |
| SHA512 | 7a2edf730c401e21b69b86528489adf587f4b830ceba0af2834bc7c69937e754c0a3e18ee9a174910391846a94394fc87bf927fb101fe899275bf072c804a519 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d
| MD5 | e40b67551b78389a92dc95137d7c41cc |
| SHA1 | 8717855ce162f0f1cb1fe1809a6392a68443d41c |
| SHA256 | d74fa61372625e53cab964cac5c36d1fa07c504c1eca8277d168927313c91987 |
| SHA512 | 622cd0caaacdc4c2b8109aed8ea096c2bbb450f74b3b42f43be40c65bf70778c097c37c6ae38d3171f983e3472cb22ea36a77f691b9abdf058d256660bdd2f25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb76700b6c0e62ed_0
| MD5 | cd060a1bcf48d4bbc13304aee406b3c7 |
| SHA1 | 87b2a01fc9f0f98d779cb6e467556c37f9749cf0 |
| SHA256 | d1748bee639271c4be5a8070721d51c1cda0add953ee3e4a5f08a7bf76641c57 |
| SHA512 | 5c2f1ee96610d49defdc2d5c91a28f97c6bb56481649f5a470eb57ffd47ea9301cfe73c6c2548ff177712605cec187a56d3f06973a917ea65ec6d57a1fceacdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1392098935b62ec7c5ca43fc6198ba11 |
| SHA1 | a8dcc0e099725f37114749a36ea1586a9a0578da |
| SHA256 | b46e0476584d3f603d72f850dd4b45dc741578e681debebf7904672632f8985a |
| SHA512 | 251581231939492c150509d64827520a9a1882cb21940c07a93ed07d4deade5a71c8e6dbfd33e10461ced48f624dd366689eaf98e4aec5e41c6f537cb838c9a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb837a8a891343f5_0
| MD5 | 95fd09cfd96273e526ba20e1a07e60bd |
| SHA1 | 1503e550c40661b8c81e6100474f8b6fb37f2b76 |
| SHA256 | 91c2cebc92889eb10c359c98d0c2c3282bbe6759ab5353661d637507316968dc |
| SHA512 | 396b2234f5302596a9dafa45591f9b07c91192fae4b73c22f2972ef131a4833fcac86a88060206a882f4f3be83be0f9d9737d5bd75ad846ced4e4758feedbec0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3752cf14ceacb5b5e08fbeb826846b0 |
| SHA1 | 2a8ce8745a7d851ea49b0793b87868c6f79af4e1 |
| SHA256 | 6a2b297f1d5361f770f0cb48117dea83edbaa1c985dbb9f76e411754f6e3eab9 |
| SHA512 | bc7a7f11d6754d12907571d757dc021b334dea39bc467ff704d9abdb26fe0e77583e81bdfec0a520b7f215241a67d1b415a1785a1589d5188243dfe3fa9f011d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b1a82b3f5f139d5fd96d25c867eda9cb |
| SHA1 | 6ddf33fd729a0cda05e0edec6a0487f32fc1cb79 |
| SHA256 | 450fe825be9779d74605d6d8314d60e8860837c66a0022161900040f14776598 |
| SHA512 | 5c563adc5daaa38e3017c8e9408d19950c8612ab1fec478e4ce4fe820be5901da6e3795167a66b22047be0ed92c62f7fb1eae93f4d78635bf29987e28779af7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55fe9e7f6a8f4a2b27e3852c2e64815f |
| SHA1 | 799870c27268f946e13851a2904806f7bced9db3 |
| SHA256 | f339b0500dcda1a6edcc5923fefb85d15429472adde2e482299fc56ea9f4ab6a |
| SHA512 | 7b6c20d42658e43e8d6cc6a31267318711e4238b52fa66f42503c02f576df02d1aa3886d91a9e7999ffd528fed98caf41726b176a16f72e13c43992dd55b6b76 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | beed6d8aafe228229a32f105d72e3574 |
| SHA1 | d353b81c0565dfee81baeb4c733176aa5709c00c |
| SHA256 | f390fedd32e3fa580bd62287bc275df779324ddd9a0686d57f7f5231aaa57401 |
| SHA512 | 8cfe7038c5c5fcf61f7d9198f16f1599274816f3d31eac2caff316956f43c80284390b4f5c78d01bc0460bdafc3117f6b0c47600cefa94fb9eb9965dc94e552c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f5ad9da1a8045b0717ebf6e1b0c2d06 |
| SHA1 | 4a449e509a91712e2bc020c3a32d2c23d9dd3053 |
| SHA256 | f68503722fc25db5d15aaced9fc65d25bc78b701c1fa82618fb1bdf4d1c81a02 |
| SHA512 | 579cbeb9e4e74b97b8311f7d1f3db2d098a0b0e015917aaaef8d2de0ddad408f7dea5792009cc6b0196eebf757e452ee4cc9968e35de192cbdc48cc25a42de8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f
| MD5 | 35e8d906652ee983dcc54bf56232a9a1 |
| SHA1 | 19aa78343788bb67e57962af018c08eee704db64 |
| SHA256 | 7dbb54d8efb04541592d0a2f2f20159c070f1de184754508dc2118f1c94c91e8 |
| SHA512 | bd043493b3b0f2e53dd806998a1a1001678c46ee3c034cb90fc6442af8d0edb9c24afda28e39c0da968ffd3c008a39991c5f8d4fd57868d7b0b20d5792b3b223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74c489252ff10684ae52cf6a9b44d26e |
| SHA1 | f127803aa7641cb1c78bd7cad12bd5e972acd1d4 |
| SHA256 | ca661e43fb08ed3cb472fa853d7f0b448ddaec0650804bf2ab9cdabb732e9250 |
| SHA512 | 5c5cf79d656c5646bc6f89ec31bc464138b7ba386fa057555df09685b74f126b229df49f35ee57b61a0fbe8161aec9d216798c88231440810cdd3e84fed66e15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f62ad2eb312cd011d6117899cc133c2a |
| SHA1 | 0ce560f73711ccbbe047d07f2fd18745e4b3e76f |
| SHA256 | ea7289043ac342778777d276806537bca0e287c81d126f92a1bdd0f16e354917 |
| SHA512 | ce80f59fbe60a908eec6aab6210d055dbb7f456e848b5500582e2b740518a775f586effe38086f2fa886d29c894a8f898fe159e26bdce07145002505dd8be03b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | e749b8e20ab055fcc6451d1f8784a768 |
| SHA1 | 7de638186c4a31cce9b33b931a1580b4c9d00d5a |
| SHA256 | 1be9fe96d4498c477764a82e1523f5e10d52630a1a17a45ba97eed117a4d7de0 |
| SHA512 | 6f6a33a0806ceafb5cf0c7421163fc26137e698b01eacebd031e93be06c4013a5bf3c4d7891416c5b09cf0fdd6ab570f45d98a7c7ad4a73ead8dabe29bf9ee15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5f9738.TMP
| MD5 | 9469eecb2d964aca731c85b8918a0cf6 |
| SHA1 | 1c29ab227e6ca3e4c742b0855a02eebdad95dc88 |
| SHA256 | 190e182b08cc0027bdd410cbe9c38222485a39900103bb1d3b6c0da0fe6c1dec |
| SHA512 | be4395ea2e112704cf576ab1721ea5781c62fa36ffc13f924338d89a96f5131416dcf4ba6d96604302019f0833a791036202e7645efe4d0f8c646e4964538f3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00017f
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | e2896794670f13dd2d4d13b86817b168 |
| SHA1 | 58089c9c0955e754f116b29243b4c834e61e1570 |
| SHA256 | 7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a |
| SHA512 | 2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 049698c9f727b086f2ebad462bc05cea |
| SHA1 | 7761cf60e7cfc140acfee8cf818029fbd9065178 |
| SHA256 | 5aacc22ba0dd0eb486fc9ac1429a8c53f48cfe168cf69d60ec56c545ea9f62e4 |
| SHA512 | da768b38ab5475f17291f504c92b7328db96735d775e90d4e7dbb6fb37ee472c3fcde04483250d98984f9f78eed161f5a504dd201b73ae9d55390e336da75aeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c72ebd5382867a932d4dd9560adab4f1 |
| SHA1 | 36193ea542a78a043d3cc525684ec84071a3a0e2 |
| SHA256 | 0baed108f16e8860c50f3a77f88b171de12288d29d1eb9c35a746d551d97e9a3 |
| SHA512 | 55b52aab04579e58f592afe3f0ba80db57e68ec9bf624daba32577aafa632001224f6a7b10f0b3ef0c9572bd52187dfca134440f9402b8715c655740172f23e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a78058946e6ffe0393b6ea34eaa34686 |
| SHA1 | 126ec5e223226b00acec41007b789269fda55e39 |
| SHA256 | c614c269f2e523c78522112e78423ac1f95e3730f4836446ddf6ad04933518c0 |
| SHA512 | f676719ebdfe42f41a4a78148f07234fd32cce7e30135308b93008dca418d889b92eef7108b9dca76c0843fa395b4338c7ae77de47c78752aa2a829f8d474f75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67ecbfefb7c24eae_0
| MD5 | 81424bfb3b80253d16157a0cca6d1bf1 |
| SHA1 | 5ff9c8a6b3dfa251108b98072b5d55017ce664ad |
| SHA256 | d6030b471fa164c2f9084621acb0bcab8ce047340b237e74f118d84828e3ed2d |
| SHA512 | 3dd12619ecec0971e24ac652bad87212218d73df1168065e2330a6cdaaad079edaa75c2e3a183169bc8eb7dfa465fde4ea1ce0ef08058a00ceacfca7a792c5b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\279bfbac38372be9_0
| MD5 | b561d3710f987533a3add8b7018bcd45 |
| SHA1 | 056e4b82743ac7114de22fe04ac30c3bacddfb13 |
| SHA256 | 2990bd12aae89f828c145b6dc07337d79a546f4f7a4bf138c0d75738977dade9 |
| SHA512 | 91957fe206dae7343a25ab443104cf3111048e6a9b130f68619846c2d7d73157e2c0a51e90c83beba18ef945ca4ef2165eb9d9302d54f549ce4c806ff4da244a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42cd028cde7a7fb2_0
| MD5 | d079f763c32c61a190d7ad1b64f12fa3 |
| SHA1 | dfd33f4a5c2d559de7612707bf01825823db2941 |
| SHA256 | 382bde1bdac23c7364cc0d7886ba326cd41fcd8565dbec7064299f9b0dc9e4de |
| SHA512 | 870d4dc9c886490847f4975b624bcdec69845a13950076fd244186961b7fb535c487e796c90527459f17ffb822dcd236cbd77d98b098c176bc41c426fb1b6e25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\880227ac27ebc632_0
| MD5 | f6c795b936fecc622816b7c875c7a0d4 |
| SHA1 | b546aadc3684e3c835f6d17acdc7482e441d4fab |
| SHA256 | bc7dd4cc173c89ff1dcfb4903f999771f20e333d7469a479af00103f6bc5d34e |
| SHA512 | 40e97caaecd01aa24ea28b56e413e83235b73b9f57f12159ddb7b409069b378362708dd9883dab7094641b656bc3b9e6e880a67e829f6990f4c55bb9eab591eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e4568132797b9c4_0
| MD5 | 4a6cc1423efd82520e7212954dacae4a |
| SHA1 | 68507acf671e3e90df57e95f1e53186a1a191fc5 |
| SHA256 | 6497bb0a6a9f3bd50d4000462d14d986fa457bc2f792dfd5c4a425ff61a85414 |
| SHA512 | c8be8150ce3991d78f2055aa2f90695bac32af059febfa074fb476846918afac25452ba1a02f8b5d6871b612b464be02c04c20631b0a55d2537c35fb2dfcbc0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18612e061e2f61fc_0
| MD5 | f1619da9b9efb7f3c7dbe435f64cdd4a |
| SHA1 | 1c935fdd509eae2250ac7cc0c34733c65ad25d9f |
| SHA256 | 59df5bb9d5eb778552b9bae19db3451224bfdbf959938affc9c9ba394d5796f4 |
| SHA512 | 967c439f27566d1a4dd40e889e43721fdc5d3105928b8962bff67f3f806cfee7eaee3d5e2d0f23228b3b495705997d947aae9630422c0a60bcff0adc5cd1a49f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ccede3da2fbb81d_0
| MD5 | a6a259c42d0c127fd60b170787d886a8 |
| SHA1 | cac35f1900ab9a4aecd068450ed432544d19cb69 |
| SHA256 | af0c2ceef5cb102da513d3b156ec3212ca433ac80c9ba004fce47678728756c1 |
| SHA512 | 16da9ebf56be2542246110a587d93d74731b00ae23e98ffedc090becd1f4f889c3118e7c7ab7a564e1a195e32dac9369ef7783b2fba4f600041c5b30a0ddfbc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0cda4a548053a098625d9cf0d9cda95c |
| SHA1 | f3e56a45c523b46807979ad45ca00f3492405543 |
| SHA256 | 2b5cb43ccd7cb1398aa988fe9067a2c2a81c1ebe30769864a1668de4ecdc4177 |
| SHA512 | d4ba10a158c4c0762c6c466c033d85206853c0acb8468c3cbc019a06072ee1774a0d17b031e153a2a47ee01b28f3942bc3c6b8d36ab4a579d229cafe70acefa7 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | 5b6171c8dbb01d6bff4fbe433ef7134e |
| SHA1 | 402261ab9ede4118da88e15a977e48b06138f9f8 |
| SHA256 | b693b5678a7ea4620b1a3959ecf9c4864fad30ce9e2b195433fef28c296aff72 |
| SHA512 | ab108c6890bc4ce5956bb019f339c07d0bca7a998ffe09015a177bc3575ff847f36fd2e1123c713d99131d60a4b27323db911a2bc9fba8b7339f98a2c340ee30 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 0a4e6d7286b389e2fd93317e27d46585 |
| SHA1 | dcf0d769a94555ce60f1b367b2851477286366be |
| SHA256 | 5853f8b5333a0c7a4fa318e2da1400eb1bbd0a52dc22b5521002066f242a2ac9 |
| SHA512 | b859cac971f414b24ca53832cab53cc4a424b776923d7f7c2c167f2d60c5aefdd4d5aba255af2e1e3673396101b575bc77dedea3ea06060c962863d635b218c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 747fc9c7289f98e0c68d2ed2d805483e |
| SHA1 | e0ed4ee5349aa37890f3b4b83716fef6785199e2 |
| SHA256 | 3bdbe48120fdce4d2be17e3b3409a9e42cb265014a661da3e548826e87a465c6 |
| SHA512 | 774c0213dda8710e4159edaf782a4ff7fa61e6b3127aa87a67a390a290b5af58e7f734bca9040337cf2ff9f7acb0ebe7f985f7b65c8549a2ad2efed6027a4835 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2eaaec627d05c9a36db0a75f68c21272
| MD5 | 2eaaec627d05c9a36db0a75f68c21272 |
| SHA1 | 9c123e54b8fed65b0c768c1e248a3ae78964f625 |
| SHA256 | 18eaeff48f24edc79f4b81a3d5d74644ba8e57653c3ce0a30bc15df917964452 |
| SHA512 | cddd4bf4c19dfaf39e97b65ffb20094210e53aee9d48a6785e104d8d71de39ee8d9faac247100f5c867edc65294df546082de692ae7fb00a89c711e63cd36d5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 51dfd0984412a9faae51a890a55ca775 |
| SHA1 | 2e06904eb41b2c31f3c354a9077b03c7466cef46 |
| SHA256 | 39e5ded7a78a2926b0c97f614faa19d45567b21c554e19e7ee11008440319e0a |
| SHA512 | d0ac4f84728caacc8a0727ac4fe3d5de720b03c10baf4d3fece4d6cc2eb9cfd4d1ece1876da98def326333ea5370996b0125d112c604eec890c9f708540bd3b9 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 986511624413671752b6069c68dbf9bc |
| SHA1 | 273a9fc49f864939e3845e36fc83f065f7f685fb |
| SHA256 | 7e9ee2198f3abe1747c09ae4431fdf876cb7c88fac0938d7cfcbabc292054d20 |
| SHA512 | 34a45524d045b33ca021264eff703c391be7241a7b3fa577186ae70084e1ed3171fdbd4d1f1864dc8e799a7ffcccca5270ecffb8f4ee47249473c6e5f646ddf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0a1b604a17de4fba3129f8df3efb02b1 |
| SHA1 | fe8f418184404c2e2ad7a9bd26b990a9559bca9b |
| SHA256 | 0dbb8196f6cdd334f892bbe2bcc30f4a3b041cfc25f4be5822738cd782f73433 |
| SHA512 | 0872b0e7e2bef67377a2684f50347eb44830a5fade91dd991f042cd77f545401ee5cc48f5f4bd44094aa42f687854b1a5627b6a72f39e2ca0b3c5f14af46c201 |
memory/2136-3541-0x0000000000720000-0x0000000000755000-memory.dmp
memory/2136-3542-0x000000006D520000-0x000000006D730000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5f1d077e7229840241c710573ee61aa |
| SHA1 | 93230ae2b8c519bf41b4b2fd576481f64f958d22 |
| SHA256 | 978edffe11c53856e50887c43296d6743876d661f85927bf6e68f7c603135e00 |
| SHA512 | 21d02160206b10177d45e07425f62df03cd620ae4c84922d84218452bb5a99abd45b8928ca5736d51c6572bcfc0740a608ded81832bfc9daa8b1f35228410c74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa2d364138f4bb7514f50f65dc1951f0 |
| SHA1 | 0ca8b65a48626b761fe146322af31e817fa229e1 |
| SHA256 | 841fb795bc8302c6d791272ae07d279850e2add2fd88ccfc83646ef533d1f7d3 |
| SHA512 | 69c6df24f9fdc62efd95b07b1c5c836359200e5fc7312f2af7dbd6372b81a4f2572ba44a8152ab1ade91c3547d30f7db14c15158336d1dfd74016ab5cede1aff |
memory/2136-3584-0x000000006D520000-0x000000006D730000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 10fb500ba6ce02f02a987f4ab9d1fb53 |
| SHA1 | 06196471b234e341709eef6e78dd86e4a0d8e72e |
| SHA256 | bbc67f46602a21b43853808171062119fed824093c81f6d3e9aa7fc5bafcb82d |
| SHA512 | 0dc81bd647da4b7523cf40ee194e4f5d0382798bf70244217dbe5168524c686bf1a94d03a1528650097684d3e2b4de1554b4493a2c25b7feb22abe11f67093cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cb065217bc166caa24a036507c2b4928 |
| SHA1 | fec76195b2eed6d796ef85ca06f72a94c15f0fe6 |
| SHA256 | 00bef15c8a8f07be902ea30e80ac67b1a4ba114dcddb2e4c7b64f1c0cedb15e3 |
| SHA512 | d91042cbdba475f22726ad131a54c9a0ca4f4e6831208d21caacd3b92d992e45875b7ba26c0687c3dfe759352fb7833060ea785848f48e56595410b9e7831262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d107180756072209ef7dfb3ec41d74d8 |
| SHA1 | 27da17f3b1742a30ad60c38c6eeacad5bfab9e9f |
| SHA256 | 241855d5c29d242914b0dfa00123faf3e218a3f23d723073ab502a3a07775dbb |
| SHA512 | c9b149bbd971b5b9dbedde86a1a040dbc615dceb50ea8dcd6656218fcb18173842af6b8742af4ed96a729cde5627135d303cab5f86ba06649b3d152c4412a142 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 586057263439f2b0fc9887755cb88060 |
| SHA1 | 4fe0050dd60776f347a9332ddd402da01d12a71a |
| SHA256 | bc6846351c5ca0f4ce9bbe23766d2eda65a014208b9d23245359d6a9a1576dc6 |
| SHA512 | ac15eb9be298efd3e14e65e1086b7699040ac9855348e3b5e1b53483c2fd72f582bbe549df3a8ab940951f257f28e7f5b0cc4a863c228ba6d307549b3c3b9098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6cddaf23475a5be1c759def3e27d86c |
| SHA1 | aedd83d6f69b960d36a7f02a92d63486e9ba5718 |
| SHA256 | 1fddd42a0c5462d7e78a4a39997ee6aab69200f0e4b0ae69e52c45d47f7c36b3 |
| SHA512 | 924b3bbd6fa9dbc7f4f9bc2878f474fe3c50f72027790c57922cef5c2579ecae63de9cd8140ee856c69eb4e4959fc92a6af26d9edd0b0b229184afced616fba8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 626f594965a356053b5c0d20b5418e95 |
| SHA1 | 88d43c4f0dec574524b81a97b1cb6d85b3a86d8d |
| SHA256 | e53d750e7fa8d950bd9364c81c9cdb05c8663429f365c98bfcc44597be6331f7 |
| SHA512 | e9e9cb77ff97e7047814fa0501664b6605ae15c942760084b648242ef99d79bb00d5a993ecc428c045dac8735e8bf6ae309f3806d68dfc7d5053440763fcd0e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9fa58c42f3bd6e23503cc8d3bcd4e64d |
| SHA1 | a8a06273c1f422f0d8cd9cd2fe1270f66797aa73 |
| SHA256 | dd9b9cf791583e6bb751fedcc11c441234aefb4b090bb918a24deb9fd5bdbe93 |
| SHA512 | 67e5fbb835b9b1ef1d54fb4fe900548bf317dd0a927e70d506c99fc02a62ae15f039c055e83ec3d76802bb909cc87814d37d94bb1e382f382ae66e6def426d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1debd89f04b06099a596e2932344171 |
| SHA1 | 7033fc94f82e60f874b5a48d5df7c6e15485be68 |
| SHA256 | 31572c456894b31490adf783dca5f3e4b413fc6886546538ce372d38855c3d2c |
| SHA512 | 01d66c8c7e78bbbaa13fa25b88e6d440932d8e3281af608dafe7c9cb3e8905a87b3efbcb4731ab62e8b36c39c7bba21508056937f2ba3439ac3c636daaeb81d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8905e067d2103724c5388baa6c14caf0 |
| SHA1 | 7e8d516b07bcbc0d4b799d73df76c5b711a378d4 |
| SHA256 | 6b33ff4589dfbbd14f08caff4b593ce3bd473bee81e4791081162156c959f654 |
| SHA512 | 893c25ced1b42469c1d8db7148d27cfc0ff51e5b3e1fcb7051518f063983cc92755871d4c00259c1c108dead14739b48d036f462fc90b22b936df6e4c5a65909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 18cb6c542bc57efecdd70d5c802346c5 |
| SHA1 | 9acbd17a3a8a6335f8609213ae2c0392754045f8 |
| SHA256 | 13a38763cc18c1d6aff822c4820e816d626a683700bea96af5995d4ee09e75e9 |
| SHA512 | cd53093f26f9c6c532e2fde293de44b89248cff9f81e4769ae8cb39480febf73fc5bfccffa451ff15dbf534d78bebdf5c8b39cabd4cc6a9fd64030d527d51b4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 97306e34800199c10692332b78cc8443 |
| SHA1 | 68b0d33252af7b0dd00a8a01ee7e835679d5153c |
| SHA256 | ce6e16284751d02d420d86fc1935d19331acf8ccc2e59f79359d56292ea1cb7c |
| SHA512 | 4d53e19aeb9530757df046829880c5b5e36e4c7a06890d0b43389e00ea9d1449523336e5d7b38e2ce9540108c80bad11f1751bdc8ce8fb59440818638c09704b |
memory/2136-3717-0x000000006D520000-0x000000006D730000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f72dfc30298d64ce4bf713e022585cb5 |
| SHA1 | 15cc78faf77e162822a441df13f612484e6cc082 |
| SHA256 | 7d9198953db11e9380a2d168f51349aa8c230ef655deb158d905e0ab47b921ab |
| SHA512 | cc42507726f2c36b30d1e512e3c3182bb786f169d1df5012e8f0db4dae8f3dc42bf43bbc62677df48e009c9728cdb00a6fbe4e48640e31b832f58358e53042a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cdd01ea277f2c0e9543578295c74d3c9 |
| SHA1 | 245c9abb7f2e9c7b09227873e014d444af800c9e |
| SHA256 | b02c2000355f5360586739516d38ceeeef10dc7c280d9e6c82617e84b9d5ba95 |
| SHA512 | f62a9f38e689f0e0e235eb16227fc77051d57827f53d9551b431efdbdfddf56a135c69ba2cc4115fac7406eba52f48108508bf7fa760a03ecdbc8d5c041c93eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b9199a6240caff43aa6f03a740fc811 |
| SHA1 | 603762226792a6211ca5248b23ab9210b52f6110 |
| SHA256 | e3de1c1476a6478f48a2bb32f09038d56e3dd95a444f41e5e3d674154eb9848c |
| SHA512 | b0f764097d9ea8b7d102fd5e0d5a08ba02ae263068ab5643fa01534d55158c13d073dc152b8836482b4b2bf82674e870c5e5ac7ed2e97541eec97a31880c90e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fcaa52ba29a58d11d58bcdaf7c07fd1e |
| SHA1 | 29036a31a88b4d25142ee9eae7e63039efccded1 |
| SHA256 | 18c01861e5a4f32512d5c21fb002881c146334ffde6389a2d3cd4cf9d13ae08c |
| SHA512 | d85900f958361e4072ca27257bcc7021906639f55f0d77e0224468da856e2f606a919ad38b7e9f1dcc4edc1696e3716f3f29283ed438956ac995bfbc8225a478 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bc4c9b41a90972e5708953738c86acce |
| SHA1 | 37070b6b59868dd79428e5911eebc352ac6b2a16 |
| SHA256 | 84402f139ce0938fe0fdde37d311aebc86aa881d12f920e20e4156d0a383fe25 |
| SHA512 | 2ee25b4c44a06ae6a76781bfdd552c94d905cdaeb1a49b85c18c9af0613c356d860e74a89057b33fc2215f2e2e50391790a87b0914f3e7445f0436478fa7cf78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bd62b5c337992f5f48370b12d2c040e7 |
| SHA1 | dfa1f6558ead568ec3f4fbd44b0e5eafcecb2be4 |
| SHA256 | 28fb001ec6b588a3adb96587629801ec04287458535c6a983af3b1968de17e62 |
| SHA512 | 059d3ac6eaa6423e49cb69a12767079c851dd42fbb67bd2a332373a3260dc384cdb490fd933d6b91420cc82f1e70fad775bda8281d8eedb712ed80fa941ef00f |
Analysis: behavioral11
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win7-20240708-en
Max time kernel
150s
Max time network
127s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe"
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:55
Platform
win7-20240708-en
Max time kernel
361s
Max time network
363s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 804 wrote to memory of 1048 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe |
| PID 804 wrote to memory of 1048 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe |
| PID 804 wrote to memory of 1048 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\Shaakey-idfk12-09d89e6\main.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\onefile_804_133692400906662000\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 14:00
Platform
win10v2004-20240802-en
Max time kernel
429s
Max time network
438s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\CeleryIn.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 23.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 92.123.142.107:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 107.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:56
Platform
win10v2004-20240802-en
Max time kernel
413s
Max time network
430s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\FastColoredTextBox.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:57
Platform
win7-20240705-en
Max time kernel
361s
Max time network
367s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dreem\MasterAPI.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:59
Platform
win7-20240729-en
Max time kernel
614s
Max time network
616s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2716 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe |
| PID 2716 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe |
| PID 2716 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\main.exe
C:\Users\Admin\AppData\Local\Temp\Dreem\main.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\onefile_2716_133692400948102000\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win7-20240704-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe"
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
130s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\MasterInject.exe"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win10v2004-20240802-en
Max time kernel
141s
Max time network
131s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Dreem\Menu.exe"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:51
Platform
win7-20240704-en
Max time kernel
122s
Max time network
131s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Infinite Yeild.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-08-27 13:46
Reported
2024-08-27 13:50
Platform
win7-20240705-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Dreem\Scripts\Super Hero Tycoon.js"