Malware Analysis Report

2025-03-15 08:30

Sample ID 250223-wfw7wstmbw
Target http://example.com
Tags
banload defense_evasion discovery downloader dropper execution persistence spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://example.com was found to be: Known bad.

Malicious Activity Summary

banload defense_evasion discovery downloader dropper execution persistence spyware stealer trojan upx

Banload

Banload family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Blocklisted process makes network request

Creates new service(s)

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Modifies file permissions

Reads user/profile data of web browsers

Network Service Discovery

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Launches sc.exe

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Kills process with taskkill

Suspicious behavior: LoadsDriver

Scheduled Task/Job: Scheduled Task

Modifies registry class

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer settings

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-23 17:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-23 17:52

Reported

2025-02-23 18:10

Platform

win11-20250218-en

Max time kernel

371s

Max time network

865s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://example.com

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Creates new service(s)

persistence execution

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
N/A N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\is-F0USJ.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Windows\SysWOW64\is-12DJ7.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\SpywareBlaster\sbdatabase.dtb C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\aws_lc_fips_0_12_10_crypto.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\aws_lc_fips_0_12_10_rust_wrapper.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\SpywareBlaster\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\warp-cli.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\is-8KL9H.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-6IVNJ.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File opened for modification C:\Program Files (x86)\SpywareBlaster\chromeckdb.dtb C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\warp_ipc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\is-M27PV.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-5JMAU.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-U645L.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-74T0S.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-RS923.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-1DVF9.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-R2LTS.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\warp-dex.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\wintun.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\is-GVA7R.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-TSTSU.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File opened for modification C:\Program Files (x86)\SpywareBlaster\ckdatabase.dtb C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File opened for modification C:\Program Files (x86)\SpywareBlaster\chromescdb.dtb C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\is-M78VB.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File opened for modification C:\Program Files (x86)\SpywareBlaster\rsdatabase.dtb C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\warp-diag.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\dep\is-FCFTH.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-I8R0B.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-M9I61.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\SpywareBlaster\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-Q88TJ.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-9UB3V.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-MUC8D.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
File created C:\Program Files (x86)\SpywareBlaster\is-LHJJU.tmp C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5d9a17.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A9E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C69BD129-10F4-4332-A279-B754DE05A911} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA9DE06CBCE040D61B7E6C0E313D4C8E2F\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DFC7AB152AC80A6DA4.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA9DE06CBCE040D61B7E6C0E313D4C8E2F\RequestSender.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI676B.tmp-0\Warp.Installer.Actions.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI9AFD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\Microsoft.Win32.TaskScheduler.resources.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCAADA352EFAD4D0C9B955F6A1BEE02C4A8\Microsoft.Win32.TaskScheduler.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI595D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5A88.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9AED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9B1F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\RequestSender.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DF5D81C213D985497C.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF55D1B771AAA03824.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCAADA352EFAD4D0C9B955F6A1BEE02C4A8\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DF2A4D65D3C933EE81.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI59AC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5BE1.tmp-0\Newtonsoft.Json.dll C:\Windows\system32\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DF63EFD34546708156.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI676B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA9DE06CBCE040D61B7E6C0E313D4C8E2F\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\e5d9a10.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9CD7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC1E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI69CD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{09B66760-FE2C-426F-852E-296E112C2DB4}\icon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2E96A6FD7FAC738C.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9BEC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9F2C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCAADA352EFAD4D0C9B955F6A1BEE02C4A8\RequestSender.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCAADA352EFAD4D0C9B955F6A1BEE02C4A8\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI676B.tmp-0\Common.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI5BE1.tmp-0\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A8D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9D07.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5d9a14.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCAADA352EFAD4D0C9B955F6A1BEE02C4A8\Microsoft.Win32.TaskScheduler.resources.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI676B.tmp-0\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6C5F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9B0E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\Microsoft.Win32.TaskScheduler.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI9D27.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA9DE06CBCE040D61B7E6C0E313D4C8E2F\Microsoft.Win32.TaskScheduler.resources.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\e5d9a15.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5BE1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{09B66760-FE2C-426F-852E-296E112C2DB4}\icon.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI9B7D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFDD638D8AECBE9200.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFFF32223B3469DB10.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5d9a15.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{09B66760-FE2C-426F-852E-296E112C2DB4} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5BE1.tmp-0\Common.dll C:\Windows\system32\rundll32.exe N/A
File created C:\Windows\Installer\e5d9a10.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIA8E1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5BE1.tmp-0\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI676B.tmp-0\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\HiJackThis.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\spywareblastersetup55.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Let's Compress.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\spywareblastersetup55.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Let's Compress.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\HiJackThis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a5400205d534eb680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a54002050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a5400205000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da5400205000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a540020500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\AlternateCLSID = "{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\AlternateCLSID = "{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\AlternateCLSID = "{9A948063-66C3-4F63-AB46-582EDAA35047}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2B11E9B0-9F09-11D0-9484-00A0C91110ED} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\AlternateCLSID = "{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\AlternateCLSID = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\AlternateCLSID = "{1EAC2F2A-251F-4BA8-8617-99A8DD715453}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\AlternateCLSID = "{D606EEC9-8368-4F10-88DB-BF5563EC36F6}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{A0E7BF67-8D30-4620-8825-7111714C7CAB}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED}\AlternateCLSID = "{7E96FC67-468E-4E70-B246-D42078DD2361}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\AlternateCLSID = "{0B314611-2C19-4AB4-8513-A6EEA569D3C4}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\AlternateCLSID = "{9A948063-66C3-4F63-AB46-582EDAA35047}" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited\Localization\C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\ = "en_IE" C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited\Localization\C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\ = "en_IE" C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited\Localization C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key created \REGISTRY\USER\.DEFAULT C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited\Localization\ C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Safer Networking Limited\Localization C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\MiscStatus\1\ = "131473" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F91CAF91-225B-43A7-BB9E-472F991FC402}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\CONTROL C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\lxSffdZrpjp\ = "_`wB|iP" C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSSTDFMT.StdDataFormats\CLSID\ = "{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B314611-2C19-4AB4-8513-A6EEA569D3C4}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\lxSffdZrpjp\ = "_gM}]O@" C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID\ = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{556C2772-F1AD-4DE1-8456-BD6E8F66113B}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99FF4676-FFC3-11D0-BD02-00C04FC2FB86}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\VersionIndependentProgID\ = "MSComctlLib.TabStrip" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{627C8B79-918A-4C5C-9E19-20F66BF30B86}\Version\ = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B314611-2C19-4AB4-8513-A6EEA569D3C4}\ProgID\ = "MSComctlLib.Slider.2" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\{5C321E34-4206-13D1-B2E4-0060975B8649}\bgyxwhiefeT\ = "[kA[dB^Y\\IM`hHjIfVzernEmjzT" C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.1\HELPDIR\ C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9A948063-66C3-4F63-AB46-582EDAA35047} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ProgCtrl.2" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSSTDFMT.StdDataFormats.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99FF4676-FFC3-11D0-BD02-00C04FC2FB86}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95F0B3BE-E8AC-4995-9DCA-419849E06410}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID\ = "{F08DF954-8592-11D1-B16A-00C0F0283628}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\MSCOMCTL.OCX, 17" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{979127D3-7D01-4FDE-AF65-A698091468AF} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}\Version\ = "2.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\ = "ITreeView" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}\ = "IComboItems" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\ProgID\ = "MSComctlLib.ProgCtrl.2" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\netspeedmonitor_2_5_4_0_x64_setup.msi:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\ProgramData\TEMP:5C321E34 C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File opened for modification C:\ProgramData\TEMP:5C321E34 C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A
File opened for modification C:\Users\Admin\Downloads\Let's Compress.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\HiJackThis.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\1111_with_WARP_V2024.12.760.0.msi:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\spywareblastersetup55.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\ProgramData\TEMP:5C321E34 C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4028 wrote to memory of 2956 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 2956 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 2956 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4452 wrote to memory of 3380 N/A C:\Users\Admin\Downloads\Let's Compress.exe C:\Windows\SysWOW64\msiexec.exe
PID 4452 wrote to memory of 3380 N/A C:\Users\Admin\Downloads\Let's Compress.exe C:\Windows\SysWOW64\msiexec.exe
PID 4452 wrote to memory of 3380 N/A C:\Users\Admin\Downloads\Let's Compress.exe C:\Windows\SysWOW64\msiexec.exe
PID 4028 wrote to memory of 3284 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 3284 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 3284 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3284 wrote to memory of 4548 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 4548 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 4548 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 3568 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 3568 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 3568 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 5784 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 5784 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 3284 wrote to memory of 5784 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\rundll32.exe
PID 5176 wrote to memory of 5484 N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe
PID 5176 wrote to memory of 5484 N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe
PID 5176 wrote to memory of 5484 N/A C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe
PID 5484 wrote to memory of 5396 N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe
PID 5484 wrote to memory of 5396 N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe
PID 5484 wrote to memory of 5396 N/A C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe
PID 5860 wrote to memory of 5240 N/A C:\Users\Admin\Downloads\HiJackThis.exe C:\Windows\system32\bitsadmin.exe
PID 5860 wrote to memory of 5240 N/A C:\Users\Admin\Downloads\HiJackThis.exe C:\Windows\system32\bitsadmin.exe
PID 5396 wrote to memory of 4456 N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe
PID 5396 wrote to memory of 4456 N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe
PID 5396 wrote to memory of 4456 N/A C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe
PID 4028 wrote to memory of 3340 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4028 wrote to memory of 3340 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4028 wrote to memory of 5644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 5644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 5644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 1920 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4028 wrote to memory of 1920 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 1920 wrote to memory of 1036 N/A C:\Windows\System32\MsiExec.exe C:\Windows\system32\rundll32.exe
PID 1920 wrote to memory of 1036 N/A C:\Windows\System32\MsiExec.exe C:\Windows\system32\rundll32.exe
PID 1920 wrote to memory of 1988 N/A C:\Windows\System32\MsiExec.exe C:\Windows\system32\rundll32.exe
PID 1920 wrote to memory of 1988 N/A C:\Windows\System32\MsiExec.exe C:\Windows\system32\rundll32.exe
PID 1988 wrote to memory of 3948 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 3948 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 5680 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 5680 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 3268 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1988 wrote to memory of 3268 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1988 wrote to memory of 3352 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 3352 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\sc.exe
PID 1988 wrote to memory of 5572 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1988 wrote to memory of 5572 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 2504 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 2504 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 2504 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4028 wrote to memory of 5148 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe
PID 4028 wrote to memory of 5148 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe
PID 4364 wrote to memory of 3640 N/A C:\Users\Admin\Downloads\spywareblastersetup55.exe C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp
PID 4364 wrote to memory of 3640 N/A C:\Users\Admin\Downloads\spywareblastersetup55.exe C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp
PID 4364 wrote to memory of 3640 N/A C:\Users\Admin\Downloads\spywareblastersetup55.exe C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp
PID 3640 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe
PID 3640 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe
PID 3640 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe
PID 3640 wrote to memory of 5404 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 5404 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 5404 N/A C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://example.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5260,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3892,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5396,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5636,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5756,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6200,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6172,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=1832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6176,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=5900,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6564,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --always-read-main-dll --field-trial-handle=5792,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --always-read-main-dll --field-trial-handle=6732,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6584,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=6876,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=6876,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6984,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --always-read-main-dll --field-trial-handle=5364,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7120,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7292,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7344,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7628,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7184,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8028,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --always-read-main-dll --field-trial-handle=7256,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --always-read-main-dll --field-trial-handle=7980,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --always-read-main-dll --field-trial-handle=8072,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --always-read-main-dll --field-trial-handle=8080,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --always-read-main-dll --field-trial-handle=6260,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=7232,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --always-read-main-dll --field-trial-handle=7952,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7880,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8816 /prefetch:14

C:\Users\Admin\Downloads\Let's Compress.exe

"C:\Users\Admin\Downloads\Let's Compress.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F35CAF47A7A7BCB529E88669D6092D3A C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\E05A911\Let's Compress.msi" AI_SETUPEXEPATH="C:\Users\Admin\Downloads\Let's Compress.exe" SETUPEXEDIR=C:\Users\Admin\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1740092443 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FCFDA35932515D45A326950BBD967964

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI9A8D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241015500 2 RequestSender!RequestSender.CustomActions.Start

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI9D27.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241016093 60 RequestSender!RequestSender.CustomActions.CreateScheduledTask

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIAC1E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241019921 1939 RequestSender!RequestSender.CustomActions.Finish

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --always-read-main-dll --field-trial-handle=8052,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --always-read-main-dll --field-trial-handle=5584,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --always-read-main-dll --field-trial-handle=7800,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --always-read-main-dll --field-trial-handle=9160,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --always-read-main-dll --field-trial-handle=9320,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --always-read-main-dll --field-trial-handle=6692,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --always-read-main-dll --field-trial-handle=7764,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --always-read-main-dll --field-trial-handle=7152,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5352,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=6804,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:14

C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe

"C:\Users\Admin\Downloads\SpybotPortable_2.6.paf.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --always-read-main-dll --field-trial-handle=4336,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --always-read-main-dll --field-trial-handle=9444,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --always-read-main-dll --field-trial-handle=5588,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --always-read-main-dll --field-trial-handle=6540,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --always-read-main-dll --field-trial-handle=4356,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --always-read-main-dll --field-trial-handle=7960,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --always-read-main-dll --field-trial-handle=7144,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7760,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --always-read-main-dll --field-trial-handle=9452,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --always-read-main-dll --field-trial-handle=9492,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9412,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9612 /prefetch:14

C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe

"C:\Users\Admin\Downloads\SpybotPortable\SpybotPortable.exe"

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe

"C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9292,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9292,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --always-read-main-dll --field-trial-handle=7300,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7940 /prefetch:1

C:\Users\Admin\Downloads\HiJackThis.exe

"C:\Users\Admin\Downloads\HiJackThis.exe"

C:\Windows\system32\bitsadmin.exe

"C:\Windows\SysNative\bitsadmin.exe" /list /allusers /verbose

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E8

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe

"C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\SDScan.exe" /scan

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --always-read-main-dll --field-trial-handle=6436,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --always-read-main-dll --field-trial-handle=7236,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --always-read-main-dll --field-trial-handle=9356,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --always-read-main-dll --field-trial-handle=9364,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --always-read-main-dll --field-trial-handle=6372,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --always-read-main-dll --field-trial-handle=6752,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --always-read-main-dll --field-trial-handle=7964,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --always-read-main-dll --field-trial-handle=9272,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --always-read-main-dll --field-trial-handle=6796,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=2668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --always-read-main-dll --field-trial-handle=9636,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --always-read-main-dll --field-trial-handle=9312,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --always-read-main-dll --field-trial-handle=9000,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --always-read-main-dll --field-trial-handle=9680,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --always-read-main-dll --field-trial-handle=9784,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --always-read-main-dll --field-trial-handle=7636,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --always-read-main-dll --field-trial-handle=8324,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --always-read-main-dll --field-trial-handle=8012,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --always-read-main-dll --field-trial-handle=6356,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --always-read-main-dll --field-trial-handle=9832,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --always-read-main-dll --field-trial-handle=9884,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=10132,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10136 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --always-read-main-dll --field-trial-handle=7812,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7744,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9624 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --always-read-main-dll --field-trial-handle=9828,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:1

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\1111_with_WARP_V2024.12.760.0.msi"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\netspeedmonitor_2_5_4_0_x64_setup.msi"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 08B7EBD7AD205BD9150AA00A84289C03

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding BD2861D8A9B43343B6DB9370F3F96C48 E Global\MSI0000

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI5BE1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241196046 1968 Warp.Installer.Actions!Warp.Installer.Actions.CustomActions.ReadCmdLineParams

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI676B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241198953 1979 Warp.Installer.Actions!Warp.Installer.Actions.CustomActions.InstallService

C:\Windows\system32\sc.exe

"sc.exe" create CloudflareWARP binPath= "\"C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe"\" displayname= "Cloudflare WARP" start= "auto"

C:\Windows\system32\sc.exe

"sc.exe" config CloudflareWARP depend= "wlansvc"

C:\Windows\system32\sc.exe

"sc.exe" failure CloudflareWARP reset= 86400 actions= restart/0/restart/1000/restart/5000

C:\Windows\system32\sc.exe

"sc.exe" failureflag CloudflareWARP 1

C:\Windows\system32\sc.exe

"sc.exe" config CloudflareWARP start=AUTO

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C09C9FE51AD7603B7E50AB4BEAAED142 E Global\MSI0000

C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe

"C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --always-read-main-dll --field-trial-handle=6816,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --always-read-main-dll --field-trial-handle=9652,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --always-read-main-dll --field-trial-handle=9424,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --always-read-main-dll --field-trial-handle=9624,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --always-read-main-dll --field-trial-handle=10176,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --always-read-main-dll --field-trial-handle=8976,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --always-read-main-dll --field-trial-handle=9844,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --always-read-main-dll --field-trial-handle=6812,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --always-read-main-dll --field-trial-handle=10224,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --always-read-main-dll --field-trial-handle=9504,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --always-read-main-dll --field-trial-handle=9688,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --always-read-main-dll --field-trial-handle=9808,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --always-read-main-dll --field-trial-handle=5348,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --always-read-main-dll --field-trial-handle=10160,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --always-read-main-dll --field-trial-handle=9372,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --always-read-main-dll --field-trial-handle=9336,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=10392,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10656 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --always-read-main-dll --field-trial-handle=6756,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --string-annotations --always-read-main-dll --field-trial-handle=9800,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10652 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --always-read-main-dll --field-trial-handle=9892,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9100 /prefetch:1

C:\Users\Admin\Downloads\spywareblastersetup55.exe

"C:\Users\Admin\Downloads\spywareblastersetup55.exe"

C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp

"C:\Users\Admin\AppData\Local\Temp\is-ACIQS.tmp\spywareblastersetup55.tmp" /SL5="$9042C,4011576,54272,C:\Users\Admin\Downloads\spywareblastersetup55.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSSTDFMT.DLL"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSCOMCTL.OCX"

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe" QUIETEXIT

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe" QUIETEXIT

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe" -AUCHECK

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe" -AUCHECK

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe"

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

"C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.spywareblaster.net/sb-link/autoupdate.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.spywareblaster.net/sb-link/autoupdate.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --always-read-main-dll --field-trial-handle=10788,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --always-read-main-dll --field-trial-handle=9552,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --always-read-main-dll --field-trial-handle=9156,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --always-read-main-dll --field-trial-handle=7520,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --always-read-main-dll --field-trial-handle=10940,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --always-read-main-dll --field-trial-handle=10808,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=2632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --always-read-main-dll --field-trial-handle=7128,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --always-read-main-dll --field-trial-handle=10052,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9780,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10876 /prefetch:14

C:\Users\Admin\Downloads\smadav2025rev1530.exe

"C:\Users\Admin\Downloads\smadav2025rev1530.exe"

C:\Users\Admin\AppData\Local\Temp\is-1GEGE.tmp\smadav2025rev1530.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1GEGE.tmp\smadav2025rev1530.tmp" /SL5="$604A0,2397346,133120,C:\Users\Admin\Downloads\smadav2025rev1530.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=6596,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10812 /prefetch:14

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\SMADAV\SmadExtMenu64.dll"

C:\Program Files (x86)\SMADAV\SMΔRTP.exe

"C:\Program Files (x86)\SMADAV\SMΔRTP.exe" rtc

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /tn "smadav" /xml "C:\Users\Admin\AppData\Roaming\Smadav\smadav.xml"

C:\Program Files (x86)\Smadav\SmadavProtect64.exe

"C:\Program Files (x86)\Smadav\SmadavProtect64.exe"

C:\Program Files (x86)\Smadav\SMΔRTP.exe

"C:\Program Files (x86)\Smadav\SMΔRTP.exe"

C:\Program Files (x86)\SMADAV\SMΔRTP.exe

"C:\Program Files (x86)\SMADAV\SMΔRTP.exe"

C:\Program Files (x86)\Smadav\SmadavHelper.exe

"C:\Program Files (x86)\Smadav\SmadavHelper.exe" "zZb1jxkjbLyptobLmmI.i.b4n.ptovbqxi'jYznpmkxjjbhmyaxex|"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --always-read-main-dll --field-trial-handle=5912,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --always-read-main-dll --field-trial-handle=5868,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --always-read-main-dll --field-trial-handle=5876,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --always-read-main-dll --field-trial-handle=5740,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --always-read-main-dll --field-trial-handle=7204,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10732 /prefetch:1

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Smadav\SmadExtc64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Smadav\SmadExtc64.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --always-read-main-dll --field-trial-handle=9972,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=10072,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9408 /prefetch:14

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /tn "SmadavSecondaryUpdater" /xml "C:\Users\Admin\AppData\Roaming\Smadav\SmadavSecondaryUpdater.xml"

C:\Users\Admin\Downloads\USBLockit.exe

"C:\Users\Admin\Downloads\USBLockit.exe"

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\Users\Admin\Downloads\USBLockit.exe" C:\users\public\ /Y

C:\users\public\USBLockit.exe

"C:\users\public\USBLockit.exe" C:\Users\Admin\Downloads\USBLockit.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --always-read-main-dll --field-trial-handle=5936,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --always-read-main-dll --field-trial-handle=10904,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --always-read-main-dll --field-trial-handle=10400,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9344,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=9344,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --always-read-main-dll --field-trial-handle=10728,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1

C:\Users\Admin\Downloads\USBLockit.exe

"C:\Users\Admin\Downloads\USBLockit.exe"

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\Users\Admin\Downloads\USBLockit.exe" C:\users\public\ /Y

C:\users\public\USBLockit.exe

"C:\users\public\USBLockit.exe" C:\Users\Admin\Downloads\USBLockit.exe

C:\Users\Admin\Downloads\USBLockit.exe

"C:\Users\Admin\Downloads\USBLockit.exe"

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\Users\Admin\Downloads\USBLockit.exe" C:\users\public\ /Y

C:\users\public\USBLockit.exe

"C:\users\public\USBLockit.exe" C:\Users\Admin\Downloads\USBLockit.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=149 --always-read-main-dll --field-trial-handle=5944,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=150 --always-read-main-dll --field-trial-handle=10284,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --always-read-main-dll --field-trial-handle=5896,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --always-read-main-dll --field-trial-handle=10760,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=6212,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8940 /prefetch:14

C:\Users\Admin\Downloads\mobiunlockforandroid_trial_Installer_20250223.807801.exe

"C:\Users\Admin\Downloads\mobiunlockforandroid_trial_Installer_20250223.807801.exe"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\EDownloader.exe" EXEDIR=C:\Users\Admin\Downloads ||| EXENAME=mobiunlockforandroid_trial_Installer_20250223.807801.exe ||| DOWNLOAD_VERSION=trial ||| RELEASE_TIME=2023-01-10_10_39_20 ||| PRODUCT_VERSION=1.0.0 ||| INSTALL_TYPE=0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-2287204051-441334380-1151193565-1000"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api/index.php/Home/product/config/\",\"Elapsed\":\"2\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"trial\",\"Version_Num\":\"1.0.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Releasetime\":\"2023-01-10_10_39_20\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"1.0.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "DownloadInstall_Page" Activity "Click_Installnow"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"United States\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS MobiUnlockForAndroid\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"1-807801\",\"Releasetime\":\"2023-01-10_10_39_20\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"1.0.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Info_Start_Download_Program"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --always-read-main-dll --field-trial-handle=10432,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=10796,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --always-read-main-dll --field-trial-handle=9316,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=158 --always-read-main-dll --field-trial-handle=9092,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=159 --always-read-main-dll --field-trial-handle=7320,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --always-read-main-dll --field-trial-handle=9820,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=161 --always-read-main-dll --field-trial-handle=11164,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --always-read-main-dll --field-trial-handle=9904,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --always-read-main-dll --field-trial-handle=11156,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=164 --always-read-main-dll --field-trial-handle=11128,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=165 --always-read-main-dll --field-trial-handle=11140,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=166 --always-read-main-dll --field-trial-handle=5620,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --always-read-main-dll --field-trial-handle=5860,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --always-read-main-dll --field-trial-handle=4788,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --always-read-main-dll --field-trial-handle=5328,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=170 --always-read-main-dll --field-trial-handle=11404,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=9100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=171 --always-read-main-dll --field-trial-handle=8784,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=172 --always-read-main-dll --field-trial-handle=10984,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=10948,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10932 /prefetch:14

C:\Users\Admin\Downloads\FKPackage.exe

"C:\Users\Admin\Downloads\FKPackage.exe"

C:\ProgramData\HeavenWard\FreeKey\instreg.exe

"C:\ProgramData\HeavenWard\FreeKey\instreg.exe" -i freekey

C:\ProgramData\HeavenWard\FreeKey\freekey.exe

"C:\ProgramData\HeavenWard\FreeKey\freekey.exe" -init

C:\Users\Admin\Downloads\mobiunlockforandroid_trial_Installer_20250223.807801.exe

"C:\Users\Admin\Downloads\mobiunlockforandroid_trial_Installer_20250223.807801.exe"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\EDownloader.exe" EXEDIR=C:\Users\Admin\Downloads ||| EXENAME=mobiunlockforandroid_trial_Installer_20250223.807801.exe ||| DOWNLOAD_VERSION=trial ||| RELEASE_TIME=2023-01-10_10_39_20 ||| PRODUCT_VERSION=1.0.0 ||| INSTALL_TYPE=0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-2287204051-441334380-1151193565-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\8bd2405837e24f7495ab42b6a4230c38 /t 5788 /p 3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=174 --always-read-main-dll --field-trial-handle=10348,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=175 --always-read-main-dll --field-trial-handle=11396,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11088 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=176 --always-read-main-dll --field-trial-handle=11204,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=177 --always-read-main-dll --field-trial-handle=11560,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=178 --always-read-main-dll --field-trial-handle=10908,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=11168,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=5676,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=11064 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=181 --always-read-main-dll --field-trial-handle=10736,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10256 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\PCToaster.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\PCToaster.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\PCToaster.exe"

C:\Windows\SYSTEM32\attrib.exe

attrib +h C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\scr.txt

C:\Windows\SYSTEM32\diskpart.exe

diskpart /s C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\scr.txt

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\SYSTEM32\takeown.exe

takeown /f V:\Boot /r

C:\Windows\SYSTEM32\takeown.exe

takeown /f V:\Recovery /r

C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\TaskILL.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\TaskILL.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\PankozaDestructive 2.0.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Database-main.zip\Malware-Database-main\PankozaDestructive 2.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\1C60.tmp\1C61.vbs //Nologo

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\z.cmd" "

C:\Windows\system32\msg.exe

msg * your pc was destroyed by PankozaDestructive 2.0

C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\MBRTrash.exe

MBRTrash.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCVTSRzzkAAtUZzX88xoMdhw

C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\1.exe

1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=182 --always-read-main-dll --field-trial-handle=9112,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=183 --always-read-main-dll --field-trial-handle=9264,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\2.exe

2.exe

C:\Users\Admin\AppData\Local\Temp\1C5F.tmp\3.exe

3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=184 --always-read-main-dll --field-trial-handle=6228,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:1

C:\Windows\system32\reg.exe

reg delete hkcr /f

C:\Windows\SYSTEM32\taskkill.exe

taskkill /im lsass.exe /f

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=185 --always-read-main-dll --field-trial-handle=11516,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=8860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=186 --always-read-main-dll --field-trial-handle=6092,i,12331736354284649584,1031380232325094842,262144 --variations-seed-version --mojo-platform-channel-handle=10700 /prefetch:1

C:\Windows\SYSTEM32\mountvol.exe

mountvol A: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol B: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol D: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol E: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol F: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol G: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol H: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol I: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol J: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol K: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol L: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol M: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol N: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol O: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol P: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Q: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol R: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol S: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol T: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol U: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol V: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol W: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol X: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Y: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Z: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol C: /d

Network

Country Destination Domain Proto
US 8.8.8.8:53 example.com udp
US 8.8.8.8:53 example.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 96.7.128.175:80 example.com tcp
US 8.8.8.8:53 example.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 96.7.128.175:80 example.com tcp
US 8.8.8.8:53 example.com udp
US 8.8.8.8:53 example.com udp
US 8.8.8.8:53 example.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 23.215.0.136:443 example.com tcp
GB 92.123.128.185:443 copilot.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 23.215.0.136:443 example.com tcp
US 204.79.197.239:443 tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.215.0.136:443 example.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 edgecdn-embza6g8cacagcbn.z01.azurefd.net udp
US 8.8.8.8:53 edgecdn-embza6g8cacagcbn.z01.azurefd.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.65:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 92.123.128.163:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 92.123.128.163:443 www.bing.com tcp
GB 92.123.128.163:443 www.bing.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.1.91:443 download.cnet.com tcp
US 151.101.1.91:443 download.cnet.com tcp
US 151.101.1.91:443 download.cnet.com udp
US 8.8.8.8:53 www.cnet.com udp
US 8.8.8.8:53 www.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
GB 142.250.200.4:443 www.google.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 151.101.1.91:443 assets.dwncdn.net tcp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 151.101.129.91:443 images.dwncdn.net tcp
US 151.101.129.91:443 images.dwncdn.net tcp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 151.101.129.91:443 images.dwncdn.net tcp
US 151.101.1.91:443 images.dwncdn.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
GB 142.250.180.14:443 syndicatedsearch.goog tcp
US 104.22.74.216:443 btloader.com tcp
US 151.101.129.91:443 images.dwncdn.net udp
US 151.101.129.91:443 images.dwncdn.net udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
DE 157.90.33.121:443 push-sdk.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
GB 51.140.242.104:443 app-edge.smartscreen.microsoft.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 client.wns.windows.com udp
GB 20.90.153.243:443 client.wns.windows.com tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
GB 142.250.180.1:443 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 13.107.246.65:443 www.clarity.ms tcp
GB 18.165.242.125:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.187.193:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google tcp
N/A 127.0.0.1:443 tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 150.171.28.10:443 c.bing.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 168df0bea28471cdab5fa89a1f1e69d3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 151.101.1.91:443 download.cnet.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 4cedb5e9183663cf0a87e16a98aa97c3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4cedb5e9183663cf0a87e16a98aa97c3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4cedb5e9183663cf0a87e16a98aa97c3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.178.1:443 4cedb5e9183663cf0a87e16a98aa97c3.safeframe.googlesyndication.com udp
GB 142.250.178.1:443 4cedb5e9183663cf0a87e16a98aa97c3.safeframe.googlesyndication.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 151.101.65.91:443 di-images.sftcdn.net tcp
US 151.101.65.91:443 di-images.sftcdn.net tcp
DE 157.90.33.68:443 uidsync.net tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.180.14:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 3d848f64617e21f12d99f5c5df2a8cd4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 3d848f64617e21f12d99f5c5df2a8cd4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 3d848f64617e21f12d99f5c5df2a8cd4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
GB 142.250.200.2:443 partner.googleadservices.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
DE 157.90.33.121:443 uidsync.net tcp
US 151.101.65.91:443 download.cnet.com udp
US 8.8.8.8:53 download.letscompress.online udp
US 8.8.8.8:53 download.letscompress.online udp
US 8.8.8.8:53 download.letscompress.online udp
US 8.8.8.8:53 download.cnet.com udp
GB 143.244.38.136:443 download.letscompress.online tcp
GB 143.244.38.136:443 download.letscompress.online tcp
US 8.8.8.8:53 download.get-lets-compress.com udp
US 8.8.8.8:53 download.get-lets-compress.com udp
US 8.8.8.8:53 download.get-lets-compress.com udp
US 8.8.8.8:53 download.get-lets-compress.com udp
GB 79.127.237.132:443 download.get-lets-compress.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 app-edge.smartscreen.microsoft.com tcp
GB 143.244.38.136:443 download.get-lets-compress.com tcp
GB 143.244.38.136:443 download.get-lets-compress.com tcp
GB 2.23.210.82:80 r10.o.lencr.org tcp
GB 143.244.38.136:443 download.get-lets-compress.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 50ad1e49a732d332cb4e99f0a26f3751.safeframe.googlesyndication.com udp
US 8.8.8.8:53 50ad1e49a732d332cb4e99f0a26f3751.safeframe.googlesyndication.com udp
US 8.8.8.8:53 50ad1e49a732d332cb4e99f0a26f3751.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.201.97:443 50ad1e49a732d332cb4e99f0a26f3751.safeframe.googlesyndication.com udp
GB 216.58.201.97:443 50ad1e49a732d332cb4e99f0a26f3751.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
US 8.8.8.8:53 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
US 8.8.8.8:53 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
GB 216.58.204.65:443 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.204.65:443 b32387409cad027693f2d45baaec1c07.safeframe.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.65.91:443 download.cnet.com tcp
US 8.8.8.8:53 prod.downloadnow.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
GB 92.123.128.161:443 www.bing.com udp
US 8.8.8.8:53 sub.pretty-fly4.com udp
US 8.8.8.8:53 sub.pretty-fly4.com udp
DE 157.90.33.122:443 sub.pretty-fly4.com tcp
DE 157.90.33.122:443 sub.pretty-fly4.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.180.14:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.122:443 push-sdk.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 d432bd29e40c1e0edd94e16a7aa0d265.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d432bd29e40c1e0edd94e16a7aa0d265.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d432bd29e40c1e0edd94e16a7aa0d265.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.180.1:443 d432bd29e40c1e0edd94e16a7aa0d265.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 d432bd29e40c1e0edd94e16a7aa0d265.safeframe.googlesyndication.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.68:443 push-sdk.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 f3f70b37379a64aedb176e91faa1e3f0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 f3f70b37379a64aedb176e91faa1e3f0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 f3f70b37379a64aedb176e91faa1e3f0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.179.225:443 f3f70b37379a64aedb176e91faa1e3f0.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 f3f70b37379a64aedb176e91faa1e3f0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.129.91:443 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 41dd5abb794314f0a5664dc2a006c151.safeframe.googlesyndication.com udp
US 8.8.8.8:53 41dd5abb794314f0a5664dc2a006c151.safeframe.googlesyndication.com udp
US 8.8.8.8:53 41dd5abb794314f0a5664dc2a006c151.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
N/A 127.0.0.1:21322 tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 127.0.0.1:21322 tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
N/A 127.0.0.1:21322 tcp
N/A 127.0.0.1:21322 tcp
GB 92.123.128.136:443 www.bing.com udp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.65.91:443 download.cnet.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
GB 142.250.200.4:443 www.google.com udp
US 151.101.129.91:443 download.cnet.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 151.101.193.91:443 images.dwncdn.net udp
GB 142.250.180.14:443 syndicatedsearch.goog tcp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
US 8.8.8.8:53 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
US 8.8.8.8:53 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.225:443 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 142.250.187.225:443 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.68:443 push-sdk.com tcp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
DE 157.90.33.122:443 push-sdk.com tcp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 images.mediago.io udp
US 8.8.8.8:53 images.mediago.io udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
US 34.111.60.239:443 images.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
US 8.8.8.8:53 cdn.mediago.io udp
GB 52.84.90.15:443 cdn.mediago.io tcp
GB 52.84.90.15:443 cdn.mediago.io tcp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 093e87e7e336e293a0915f7354f1aee2.safeframe.googlesyndication.com udp
GB 52.84.90.15:443 cdn.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
US 8.8.8.8:53 gtrace.mediago.io udp
US 8.8.8.8:53 gtrace.mediago.io udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 d9a6944cafee7d9ce3f258b49b37fa48.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d9a6944cafee7d9ce3f258b49b37fa48.safeframe.googlesyndication.com udp
US 8.8.8.8:53 d9a6944cafee7d9ce3f258b49b37fa48.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 172.217.16.225:443 d9a6944cafee7d9ce3f258b49b37fa48.safeframe.googlesyndication.com udp
GB 172.217.16.225:443 d9a6944cafee7d9ce3f258b49b37fa48.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
N/A 127.0.0.1:21322 tcp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 83d95b310636698a790566b0057b4532.safeframe.googlesyndication.com udp
US 8.8.8.8:53 83d95b310636698a790566b0057b4532.safeframe.googlesyndication.com udp
US 8.8.8.8:53 83d95b310636698a790566b0057b4532.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.33:443 83d95b310636698a790566b0057b4532.safeframe.googlesyndication.com udp
GB 142.250.200.33:443 83d95b310636698a790566b0057b4532.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 7b60494ceee5961a9b4430b596b3b37c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 7b60494ceee5961a9b4430b596b3b37c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 7b60494ceee5961a9b4430b596b3b37c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.201.97:443 7b60494ceee5961a9b4430b596b3b37c.safeframe.googlesyndication.com udp
GB 216.58.201.97:443 7b60494ceee5961a9b4430b596b3b37c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 acd0b635ff51d1d757de12db532855be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 acd0b635ff51d1d757de12db532855be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 acd0b635ff51d1d757de12db532855be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 172.217.169.65:443 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.129.91:443 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 b2d0f3c923d8f7e201146c8a9f1ceda8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 b2d0f3c923d8f7e201146c8a9f1ceda8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 b2d0f3c923d8f7e201146c8a9f1ceda8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.122:443 push-sdk.com tcp
GB 92.123.128.157:443 www.bing.com udp
N/A 127.0.0.1:21322 tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
FR 95.100.133.91:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 172.217.169.65:443 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 185.89.210.82:443 ams3-ib.adnxs.com tcp
US 13.107.246.65:443 adsdk.microsoft.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 151.101.193.108:443 cdn.adnxs.com tcp
US 151.101.193.108:443 cdn.adnxs.com tcp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
US 151.101.65.108:443 cdn.adnxs-simple.com tcp
GB 92.123.128.180:443 www.bing.com tcp
GB 92.123.128.180:443 www.bing.com tcp
GB 92.123.128.180:443 www.bing.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 151.101.129.91:443 assets.dwncdn.net udp
GB 142.250.200.4:443 www.google.com udp
US 151.101.65.91:443 assets.dwncdn.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 151.101.65.91:443 images.dwncdn.net udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com udp
US 8.8.8.8:53 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com udp
US 8.8.8.8:53 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 142.250.200.1:443 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com udp
GB 142.250.200.1:443 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.1:443 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
GB 142.250.200.1:443 6a48a425d6564bec1ad6d3384113becf.safeframe.googlesyndication.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
DE 178.63.248.57:443 push-sdk.com tcp
GB 92.123.128.157:443 www.bing.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
DE 178.63.248.57:443 push-sdk.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 9c33084b4576ba9404bea98a855850a5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 9c33084b4576ba9404bea98a855850a5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.178.1:443 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
GB 142.250.178.1:443 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.65.91:443 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 1f5e935c31a8d0849c93eab8ce9c0d7b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 1f5e935c31a8d0849c93eab8ce9c0d7b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 1f5e935c31a8d0849c93eab8ce9c0d7b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.33:443 1f5e935c31a8d0849c93eab8ce9c0d7b.safeframe.googlesyndication.com udp
GB 142.250.200.33:443 1f5e935c31a8d0849c93eab8ce9c0d7b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 104.26.2.70:443 ad-delivery.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 a27b7744c9434e7185bdac19bc7394be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 a27b7744c9434e7185bdac19bc7394be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 a27b7744c9434e7185bdac19bc7394be.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.179.225:443 a27b7744c9434e7185bdac19bc7394be.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 a27b7744c9434e7185bdac19bc7394be.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 18.154.84.63:443 sb.scorecardresearch.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 66da87ca360f1410b8d54160055d458a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 66da87ca360f1410b8d54160055d458a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 66da87ca360f1410b8d54160055d458a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.1:443 66da87ca360f1410b8d54160055d458a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
DE 178.63.248.57:443 uidsync.net tcp
GB 18.154.84.63:443 sb.scorecardresearch.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.21.109:443 cdn.btmessage.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 3d06e4cb9804a2a9a7b2a1b3f0f9f6cb.safeframe.googlesyndication.com udp
US 8.8.8.8:53 3d06e4cb9804a2a9a7b2a1b3f0f9f6cb.safeframe.googlesyndication.com udp
US 8.8.8.8:53 3d06e4cb9804a2a9a7b2a1b3f0f9f6cb.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.225:443 3d06e4cb9804a2a9a7b2a1b3f0f9f6cb.safeframe.googlesyndication.com udp
GB 142.250.187.225:443 3d06e4cb9804a2a9a7b2a1b3f0f9f6cb.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.21.109:443 cdn.btmessage.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
SE 142.250.74.163:443 csi.gstatic.com tcp
SE 142.250.74.163:443 csi.gstatic.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 151.101.1.91:443 prod.downloadnow.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 151.101.130.133:80 crl.globalsign.net tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 app-edge.smartscreen.microsoft.com tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
DE 178.63.248.57:443 uidsync.net tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.190:443 www.bing.com udp
SE 142.250.74.163:443 csi.gstatic.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 67.225.152.20:80 www.spywareblaster.net tcp
US 67.225.152.20:80 www.spywareblaster.net tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 67.225.152.20:443 www.spywareblaster.net tcp
US 8.8.8.8:53 www.brightfort.com udp
US 8.8.8.8:53 www.brightfort.com udp
US 8.8.8.8:53 www.brightfort.com udp
US 67.225.152.22:443 www.brightfort.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 8.8.8.8:53 www.spywareblaster.net udp
US 67.225.152.22:443 www.brightfort.com tcp
US 67.225.152.20:443 www.spywareblaster.net tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 67.225.152.22:443 www.brightfort.com tcp
US 8.8.8.8:53 www.brightfort.com udp
US 8.8.8.8:53 www.brightfort.com udp
US 67.225.152.22:443 www.brightfort.com tcp
US 67.225.152.20:443 www.spywareblaster.net tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 67.225.152.22:443 www.brightfort.com tcp
US 67.225.152.22:443 www.brightfort.com tcp
US 67.225.152.22:443 www.brightfort.com tcp
US 67.225.152.22:443 www.brightfort.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 151.101.65.91:443 assets.dwncdn.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 151.101.65.91:443 assets.dwncdn.net udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.1:443 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com udp
NL 35.214.168.80:443 gtrace.mediago.io tcp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 c8bc2afd22728d5d56480937efdf55a1.safeframe.googlesyndication.com udp
NL 18.239.83.38:443 cdn.mediago.io tcp
US 8.8.8.8:53 gtrace.mediago.io udp
US 8.8.8.8:53 gtrace.mediago.io udp
NL 35.214.168.80:443 gtrace.mediago.io udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 151.101.65.91:443 images.dwncdn.net udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 104.22.75.216:443 btloader.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 585c3575cc3bcf59e9d925cb9a84dc51.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.1:443 585c3575cc3bcf59e9d925cb9a84dc51.safeframe.googlesyndication.com udp
GB 142.250.200.1:443 585c3575cc3bcf59e9d925cb9a84dc51.safeframe.googlesyndication.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 download.cnet.com udp
NL 18.65.39.70:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 172.67.20.127:443 cdn.btmessage.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
US 172.67.69.19:443 ad-delivery.net tcp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 www.smadav.net udp
US 8.8.8.8:53 www.smadav.net udp
US 8.8.8.8:53 www.smadav.net udp
CA 51.79.72.148:443 www.smadav.net tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 920178b3d171eee646e2ba3afc78a7fa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 920178b3d171eee646e2ba3afc78a7fa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 920178b3d171eee646e2ba3afc78a7fa.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.75.216:443 btloader.com tcp
GB 142.250.179.225:443 920178b3d171eee646e2ba3afc78a7fa.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 920178b3d171eee646e2ba3afc78a7fa.safeframe.googlesyndication.com udp
NL 18.65.39.70:443 sb.scorecardresearch.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 172.67.20.127:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 smadav.net udp
US 8.8.8.8:53 smadav.net udp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
CA 51.79.72.148:443 smadav.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 smadav.net udp
US 8.8.8.8:53 www.smadav.net udp
US 8.8.8.8:53 smadsoft.com udp
US 8.8.8.8:53 smadsoft.com udp
US 8.8.8.8:53 smadsoft.com udp
CA 51.222.109.195:443 smadsoft.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 dl-edge.smartscreen.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 app-edge.smartscreen.microsoft.com tcp
N/A 127.0.0.1:21322 tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
GB 92.123.128.188:443 www.bing.com udp
US 52.152.143.207:443 o.clarity.ms tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 52.152.143.207:443 o.clarity.ms tcp
CA 51.222.109.195:80 konfirmasi.com tcp
CA 51.79.72.148:80 dwres.com tcp
US 8.8.8.8:53 www.konfirmasi.com udp
CA 51.222.109.195:80 www.konfirmasi.com tcp
CA 51.79.72.148:80 dwres.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 memberikan.com udp
CA 51.79.72.148:80 memberikan.com tcp
CA 51.79.72.148:80 memberikan.com tcp
US 8.8.8.8:53 smadsoft.com udp
CA 51.222.109.195:21 smadsoft.com tcp
CA 51.222.109.195:12067 smadsoft.com tcp
CA 51.79.72.148:80 memberikan.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.65.91:443 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 151.101.193.91:443 images.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 151.101.65.91:443 images.dwncdn.net udp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 414245e2c8570a3e8d78e30fd9ba9f68.safeframe.googlesyndication.com udp
US 8.8.8.8:53 414245e2c8570a3e8d78e30fd9ba9f68.safeframe.googlesyndication.com udp
US 8.8.8.8:53 414245e2c8570a3e8d78e30fd9ba9f68.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.180.1:443 414245e2c8570a3e8d78e30fd9ba9f68.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 414245e2c8570a3e8d78e30fd9ba9f68.safeframe.googlesyndication.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 13.107.246.65:443 www.clarity.ms tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
GB 142.250.200.4:443 www.google.com udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 1052f43846c449d7e477cd7b688f36d5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 1052f43846c449d7e477cd7b688f36d5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 1052f43846c449d7e477cd7b688f36d5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 telem-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 8.8.8.8:53 prod.downloadnow.com udp
US 151.101.129.91:443 prod.downloadnow.com tcp
GB 172.165.69.228:443 app-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 app-edge.smartscreen.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 178.63.248.57:443 push-sdk.com tcp
US 104.22.75.216:443 btloader.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 f5528824c0ba3816bfd1328822442a5e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 f5528824c0ba3816bfd1328822442a5e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 f5528824c0ba3816bfd1328822442a5e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 216.58.212.193:443 f5528824c0ba3816bfd1328822442a5e.safeframe.googlesyndication.com udp
US 216.58.212.193:443 f5528824c0ba3816bfd1328822442a5e.safeframe.googlesyndication.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.246.65:443 www.clarity.ms tcp
US 172.67.69.19:443 ad-delivery.net tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
DE 178.63.248.57:443 push-sdk.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 151.101.193.91:443 download.cnet.com udp
DE 178.63.248.57:443 push-sdk.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
CA 51.79.72.148:80 memberikan.com tcp
DE 178.63.248.57:443 push-sdk.com tcp
GB 92.123.128.142:443 www.bing.com udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 151.101.1.91:443 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 185.89.211.84:443 ams3-ib.adnxs.com tcp
GB 172.217.169.65:443 4f1102a07efb73da124071bd2cbd5401.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 92.123.128.150:443 www.bing.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 151.101.1.91:443 assets.dwncdn.net udp
US 151.101.193.91:443 assets.dwncdn.net udp
US 104.22.75.216:443 btloader.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 4a3ef2731c550cc64119f6b14345e904.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4a3ef2731c550cc64119f6b14345e904.safeframe.googlesyndication.com udp
US 8.8.8.8:53 4a3ef2731c550cc64119f6b14345e904.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 4a3ef2731c550cc64119f6b14345e904.safeframe.googlesyndication.com tcp
GB 216.58.204.65:443 4a3ef2731c550cc64119f6b14345e904.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 13.107.246.65:443 www.clarity.ms tcp
NL 18.65.39.29:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
GB 142.250.200.4:443 www.google.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 down.easeus.com udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 860f5ad18f7c2a06f0965ab430ffb9c5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 860f5ad18f7c2a06f0965ab430ffb9c5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.193:443 860f5ad18f7c2a06f0965ab430ffb9c5.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 860f5ad18f7c2a06f0965ab430ffb9c5.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.246.65:443 www.clarity.ms tcp
NL 18.65.39.29:443 sb.scorecardresearch.com tcp
NL 18.239.94.116:443 down.easeus.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.8.8:53 download2.easeus.com udp
NL 18.238.243.114:443 download2.easeus.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 dl-edge.smartscreen.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 52.152.143.207:443 o.clarity.ms tcp
NL 13.227.219.91:80 download.easeus.com tcp
US 8.8.8.8:53 d.easeus.com udp
NL 65.9.86.126:443 d.easeus.com tcp
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
NL 65.9.86.126:443 d.easeus.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
NL 65.9.86.126:443 d.easeus.com tcp
NL 65.9.86.126:443 d.easeus.com tcp
NL 65.9.86.126:443 d.easeus.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.12:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 92.123.128.173:443 www.bing.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
GB 2.22.249.137:443 assets.msn.com tcp
IE 13.74.129.1:443 c.msn.com tcp
GB 92.123.128.149:443 www.bing.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
GB 2.22.249.137:443 assets.msn.com tcp
US 150.171.28.10:443 c.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
NL 18.65.39.56:443 sb.scorecardresearch.com tcp
GB 2.19.117.165:443 img-s-msn-com.akamaized.net tcp
GB 2.22.249.137:443 assets.msn.com udp
GB 2.19.117.165:443 img-s-msn-com.akamaized.net tcp
GB 2.19.117.165:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
GB 2.22.249.137:443 assets.msn.com udp
GB 2.19.117.165:443 img-s-msn-com.akamaized.net udp
US 20.42.73.24:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
GB 2.23.220.162:443 ecn.dev.virtualearth.net tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.149:443 www.bing.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
GB 92.123.128.169:443 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 204.79.197.219:443 r.msftstatic.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
GB 92.123.128.166:443 r.bing.com tcp
GB 92.123.128.166:443 r.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.182:443 th.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.182:443 th.bing.com tcp
GB 92.123.128.161:443 r.bing.com udp
GB 92.123.128.161:443 r.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.140:443 login.microsoftonline.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net tcp
NL 104.109.143.159:443 deff.nelreports.net tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 185.199.109.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
GB 20.26.156.210:443 api.github.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 140.82.112.22:443 collector.github.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
GB 51.140.242.104:443 dl-edge.smartscreen.microsoft.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 151.101.65.91:443 assets.dwncdn.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 151.101.129.91:443 assets.dwncdn.net udp
US 140.82.112.22:443 collector.github.com tcp
US 20.42.73.24:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.20:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.190:443 www.bing.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 images.dwncdn.net udp
US 151.101.1.91:443 images.dwncdn.net udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.68:443 push-sdk.com tcp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 093d85a5aae03759eccb3d210b3f7308.safeframe.googlesyndication.com udp
US 8.8.8.8:53 093d85a5aae03759eccb3d210b3f7308.safeframe.googlesyndication.com udp
US 8.8.8.8:53 093d85a5aae03759eccb3d210b3f7308.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 172.217.169.1:443 093d85a5aae03759eccb3d210b3f7308.safeframe.googlesyndication.com udp
GB 172.217.169.1:443 093d85a5aae03759eccb3d210b3f7308.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.246.65:443 www.clarity.ms tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
NL 18.65.39.29:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
DE 23.88.8.123:443 uidsync.net tcp
DE 23.88.8.123:443 uidsync.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 2930185d645d89cc533a1c9338243b59.safeframe.googlesyndication.com udp
US 8.8.8.8:53 2930185d645d89cc533a1c9338243b59.safeframe.googlesyndication.com udp
US 8.8.8.8:53 2930185d645d89cc533a1c9338243b59.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 172.217.16.225:443 2930185d645d89cc533a1c9338243b59.safeframe.googlesyndication.com udp
GB 172.217.16.225:443 2930185d645d89cc533a1c9338243b59.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 13.107.246.65:443 www.clarity.ms tcp
NL 18.65.39.29:443 sb.scorecardresearch.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 151.101.129.91:443 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.hwsuite.com udp
US 8.8.8.8:53 www.hwsuite.com udp
US 185.142.34.199:443 www.hwsuite.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.65.39.29:443 sb.scorecardresearch.com tcp
US 13.107.246.65:443 www.clarity.ms tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 e4000c0f3020a145659642dfcec09d4a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 e4000c0f3020a145659642dfcec09d4a.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.75.216:443 btloader.com tcp
GB 142.250.200.33:443 e4000c0f3020a145659642dfcec09d4a.safeframe.googlesyndication.com udp
GB 142.250.200.33:443 e4000c0f3020a145659642dfcec09d4a.safeframe.googlesyndication.com udp
US 185.142.34.199:443 www.hwsuite.com tcp
US 185.142.34.199:443 www.hwsuite.com tcp
US 185.142.34.199:443 www.hwsuite.com tcp
US 185.142.34.199:443 www.hwsuite.com tcp
US 185.142.34.199:443 www.hwsuite.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 www.hwsuite.com udp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com udp
US 150.171.28.10:443 bat.bing.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
GB 163.70.147.23:443 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.212.227:443 www.google.co.uk udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 www.hwsuite.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
RU 87.250.251.119:443 mc.yandex.com tcp
RU 87.250.251.119:443 mc.yandex.com tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.hwsuite.com udp
GB 163.70.147.35:443 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 hwsuiteshop.cloud udp
US 8.8.8.8:53 hwsuiteshop.cloud udp
US 185.142.34.199:443 hwsuiteshop.cloud tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.7:443 browser.events.data.msn.com tcp
US 185.142.34.199:443 hwsuiteshop.cloud tcp
US 20.189.173.7:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 185.142.34.199:443 hwsuiteshop.cloud tcp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 www.hwsuite.com udp
US 8.8.8.8:53 hwsuiteshop.cloud udp
US 185.142.34.199:443 hwsuiteshop.cloud tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 150.171.28.10:443 bat.bing.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 52.152.143.207:443 o.clarity.ms tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 app-edge.smartscreen.microsoft.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
RU 87.250.250.119:443 mc.yandex.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 52.152.143.207:443 o.clarity.ms tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.163:443 www.bing.com udp
HK 8.218.236.152:80 track.easeus.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
CA 51.79.72.148:443 memberikan.com tcp
CA 51.79.72.148:443 memberikan.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.193.91:443 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 images.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
US 8.8.8.8:53 assets.dwncdn.net udp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 151.101.193.91:443 assets.dwncdn.net udp
US 151.101.193.91:443 assets.dwncdn.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c7e05eb2afdaeefd132fc423b6ae4427.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c7e05eb2afdaeefd132fc423b6ae4427.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c7e05eb2afdaeefd132fc423b6ae4427.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.212.225:443 c7e05eb2afdaeefd132fc423b6ae4427.safeframe.googlesyndication.com udp
GB 216.58.212.225:443 c7e05eb2afdaeefd132fc423b6ae4427.safeframe.googlesyndication.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 13.107.246.64:443 www.clarity.ms tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
DE 157.90.33.68:443 uidsync.net tcp
GB 142.250.180.14:443 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 06fb4cc386ca75b626626b402cb91044.safeframe.googlesyndication.com udp
US 8.8.8.8:53 06fb4cc386ca75b626626b402cb91044.safeframe.googlesyndication.com udp
US 8.8.8.8:53 06fb4cc386ca75b626626b402cb91044.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.204.65:443 06fb4cc386ca75b626626b402cb91044.safeframe.googlesyndication.com udp
GB 216.58.204.65:443 06fb4cc386ca75b626626b402cb91044.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
DE 23.88.8.123:443 uidsync.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 download.cnet.com udp
DE 23.88.8.123:443 uidsync.net tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
US 8.8.8.8:53 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
US 8.8.8.8:53 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.26.2.70:443 ad-delivery.net tcp
GB 142.250.179.225:443 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 6f0e9bda0d6e101286212e20d57c54dd.safeframe.googlesyndication.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.65:443 tpc.googlesyndication.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 216.58.204.65:443 tpc.googlesyndication.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 eaf1af8828d542cf366b453373adc3e5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 eaf1af8828d542cf366b453373adc3e5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 eaf1af8828d542cf366b453373adc3e5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 download.cnet.com udp
GB 216.58.201.97:443 eaf1af8828d542cf366b453373adc3e5.safeframe.googlesyndication.com tcp
GB 216.58.201.97:443 eaf1af8828d542cf366b453373adc3e5.safeframe.googlesyndication.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 104.26.2.70:443 ad-delivery.net tcp
NL 18.65.39.28:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 api.btmessage.com udp
US 172.67.20.127:443 cdn.btmessage.com tcp
US 104.22.20.109:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 download.cnet.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 download.cnet.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.133:443 www.bing.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 2.19.117.146:443 aefd.nelreports.net udp
NL 104.109.143.159:443 deff.nelreports.net tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
N/A 127.0.0.1:21322 tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 download.cnet.com udp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.193.91:443 download.cnet.com udp
CA 51.79.72.148:80 memberikan.com tcp
N/A 127.0.0.1:21322 tcp
N/A 127.0.0.1:21322 tcp
N/A 127.0.0.1:21322 tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 92.123.128.192:443 www.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
N/A 127.0.0.1:21322 tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
GB 92.123.128.164:443 www.bing.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
N/A 127.0.0.1:21322 tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 youareanidiot.cc udp
US 8.8.8.8:53 youareanidiot.cc udp
N/A 127.0.0.1:21322 tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp

Files

C:\Users\Admin\Downloads\Let's Compress.exe

MD5 62b3ac73731fc81080b814c88320961b
SHA1 76a7977f8ee1dc1663eb557aa9ad3940beadc9b9
SHA256 c2d89609c65e1179432737cdf317894efd44a4659dd71f6b9a15141b8928137c
SHA512 26a61dafa7fbd49fa50e68a0a67974f43c8100a92155d7977bcf227def166a5b7351697b97a35e81a25fbd16bc36017bfa2b8964aa65618500af3a61da4eaa34

C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\decoder.dll

MD5 9d45f2790dda55df2d99ef66dcb2019d
SHA1 f2a369c1b82476e2e0641f95394dd4dee8223f01
SHA256 9b7ff49f7e1d0a39826ec458c8004b20a65a4bd0592b083f38b01e2dbc2b510f
SHA512 9bef561ec6908dcd7e75f5f63cff8b1ec73e9be2b4e4aa5602182cde18d691cc28259b980c87246c5d27b4284bc783fba44d92a202f77b15f3e65c89dd3aa069

C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\E05A911\Let's Compress.msi

MD5 f0768b8fb79d6e85606928a8942eb9b4
SHA1 bc3b854d0dda803b62d6acc859574acf7c5bf3d0
SHA256 5814b58aa3203e7b08b4a9bea8f9fc8bd71993073d5ba827b03de71286377196
SHA512 1c35ee1b8b9bd342b690cd580eb38c630a4a6792ce72b08ebabbb76ea8aa297b50c8ba389db6bbbe418b87bf7cd75313f25bdeb6ed5541e13ffef06dae230e3e

C:\Users\Admin\AppData\Local\Temp\MSI983C.tmp

MD5 72b1c6699ddc2baab105d32761285df2
SHA1 fc85e9fb190f205e6752624a5231515c4ee4e155
SHA256 bf7f6f7e527ab8617766bb7a21c21b2895b5275c0e808756c2aadcd66eff8a97
SHA512 cde1e754d8dfb2fa55db243517b5dd3d75b209ea6387ef2e4be6157875e536db2373f23434a9e66c119150301c7b7cdf97de5a5544d94c03247b4ae716cbc170

C:\Windows\Installer\MSI9A8D.tmp

MD5 ea331456b0c22e14ee435f7be74e92ed
SHA1 afc527b8a232dcca8f6ba66bc6ee32045bfcb721
SHA256 458b53c62837677a0308c12db582107831a40ce1b2b818603d166401f599ed68
SHA512 64e88e4f1a2edb35daa04781561480210c61b401084e81622b4c84dfe61745941eafc3ed1513aaca92bc2f662b3a19255e3db9f9661742767398b2d5f573b714

C:\Windows\Installer\MSI9B1F.tmp

MD5 40117f705bff008c3d96a73162dad044
SHA1 2735813836f36b5de83a745c47628053a0f61f66
SHA256 32211c43bcfee2ea3ae54899af178d1fc0c2b1111b2a9e3cc3fd125e1ab7daad
SHA512 eace1d55d479c4cf5692ec1dc98a6738e94874901bebe14a0a0a93eefd00fc4bd55a701e4629a1f7c47f72ac91fe3b698d590a8463119998852e05d6682f91a4

C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\E05A911\lets_compress.exe

MD5 a67204f86460f7b1e2bfa5006b202605
SHA1 978a7f8fb723ea2236a1c7b6e8438c5906dc66c4
SHA256 eaf8d7191a316c5b55ef00da8421c8614ea94e18bbd7de8ddc4bdd04b48b4eec
SHA512 c14288a03b8d5af7161f9fabe4d9269ec56cbe523b0273f5b94be72aedae1c758f4c4ed06156df0eb33737f4b0debb5d4c1f0b8dfed1ec76fc9af0d56bb66bb8

C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\E05A911\upd.exe

MD5 bbc4c48776d5b5261d1d1b46ddb899bb
SHA1 a5721691e0fbe4d65d074e4a928394efc6b375c8
SHA256 fd7e65d9fb95d7734efe5c9496245f6be10c692da15f43595dba7659e27fa296
SHA512 757d3efaa8b380fbbafee9c46f030339b4455f9573a330e1f04f2c2b60b8138911854acc05a31e818cf2c8eff8f6f2b6fe8928dbb30e39ed71b5d57cb49a9666

memory/4548-86-0x0000000004DC0000-0x0000000004DF4000-memory.dmp

C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\WixToolset.Dtf.WindowsInstaller.dll

MD5 ef8d5785ac8669f5fd54e22f52770e6b
SHA1 4c94ae7ef233be33a56c0a5d9b8e2211d5d5792c
SHA256 a614884ea627da1925131ebf41e8ae202caeac0fe543b86384f5eb2bfaf1aa75
SHA512 ab3b140bd6531f22e994606820e6511442c23d9015b1e1a38aaed43aa42ba29a996511151d0b3a383c05c2b11f670e52cdd7f507ad1a1ad8cebea57fb22ade5a

memory/4548-90-0x0000000004E00000-0x0000000004E0A000-memory.dmp

C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\RequestSender.dll

MD5 94a43bf9e4550a8e06cefcfb7519bbf5
SHA1 c40351ce9b24db273eecffbb708e7702080e2e80
SHA256 9d9ea630863a3aabaf5d8552b467cfdd5339419d18197221f12dc5c9879f899b
SHA512 f92b3b003b5abc0ca2fc487efb6ed352f5b08742e2cd235ca5ec0ca57c2d1fbd2fdebfb6dc92931389108b91102a9c7a9a7c4812cedf28758803f3e373563bb8

C:\Windows\Installer\MSI9CD7.tmp

MD5 ec4cd2159189ffa5d293a24e92964b6d
SHA1 d16bbb7b4504afa4d70442e051e548372586b5d3
SHA256 8a77ed5526ecf88b81844993b5c55bdf6e056aade9c8cb3e1fd89a3b4d41a780
SHA512 099663cd0584dce7ec17322fcecef330341a711a1d6854f57eb852650ab8272b44708f18ebf6ca0e42b2ca0ed10ad99ea7729562de553353afb615604ea19101

memory/4548-96-0x0000000004E80000-0x0000000004EE6000-memory.dmp

C:\Windows\Installer\SFXCA68BD3185194C5A88D656F9EF9C7F66CA\CustomAction.config

MD5 ee9a8381338b060d86c58e2415f481f3
SHA1 200f3ed7c773f50c80644f3976e09e876f45993f
SHA256 7e1096d6f39ebe04d6e38bc714983af05ed92cc2bb4d3365ed4c85e733cb145c
SHA512 26b9108b9522574e08560bc45a6470f85ca149317bd763f3a357040e0f0e743fd7bfc05e0ce2d9fb52bf89e22c61d221ddf8a7163f5143848717ca3d56847ef1

C:\Windows\Installer\SFXCA9DE06CBCE040D61B7E6C0E313D4C8E2F\Microsoft.Win32.TaskScheduler.dll

MD5 0616ea42b68a8f5f2f01bcd985bdcbc7
SHA1 88d6aae1f17b00f4391e0e7b17e98c494be73ba1
SHA256 ea27c65491119eee5c8e87ce3d470783580db8fc5bd141c496768d7d0cce779a
SHA512 ce4657908615c4837084c75d806c083b8f7e63965a2e7866b8c96de7c0278a0857235b74cd9443769968165db250eba042a5b05927febff5bb70bebb7dcbd814

memory/3568-123-0x0000000002D30000-0x0000000002D88000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

MD5 ef375f28c91db0202bf7db29c0cbc2ce
SHA1 5a3f5d4ec75a468b908c2eb2b9e6f4b1e76c1017
SHA256 f4d1c038db378dec10e7e2fc81ccc2e2d4b8132ef0d66905e3625a0b0cbbde5f
SHA512 f18141e352fcd253e02cb25fa0cff29ab06dec62bafd5aa80ca48c959d1dba97deae830d01bf521f851a8143b9416747eb170d0cedafa32b59155027c02f244d

C:\Config.Msi\e5d9a13.rbs

MD5 685015247ff185390dfb92de790ec187
SHA1 70a8b212ea37d7fab2af745c9040de78fb47a7d6
SHA256 ecb11fa4cad9db6dd6f132f0d1a96dd06d89f68186752fe342e23b5a13009f5f
SHA512 5a23d30ad5bdeb10361baee824b84efc9efd4c12d74ba519216d1b7417a16347d41ec5d0b603c6c9cdef531eb94b454ed64cbbb4ebb320c14969ca017643a62c

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\LangDLL.dll

MD5 f1e9eed02db3a822a7ddef0c724e5f1f
SHA1 65864992f5b6c79c5efbefb5b1354648a8a86709
SHA256 6dff504c6759c418c6635c9b25b8c91d0d9ef7787a3a93610d7670bb563c09df
SHA512 c22b64fff76b25cf53231b8636f07b361d95791c4646787ce7beac27ad6a0de88337dcceb25b5196f97c452dda72e2614647f51a8a18cb4d5228a82ed2e0780c

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\FindProcDLL.dll

MD5 ba4c1dfe226d573d516c0529f263011e
SHA1 d726e947633ea75c09bba1cb6a14a79ce953be24
SHA256 2ffe1ac2555e822b4a383996168031e456f09f9cf3bb763fccee35be178cf58a
SHA512 73d607f0cc27eb3b1966911edf669417249bbcaa2d07f037cb3d3d3eaf368110e7e683d0e2186b06820302cd17041d5f60adab1d0ad0ebc03e34075cea37f5f8

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\System.dll

MD5 17ed1c86bd67e78ade4712be48a7d2bd
SHA1 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256 bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\nsDialogs.dll

MD5 42b064366f780c1f298fa3cb3aeae260
SHA1 5b0349db73c43f35227b252b9aa6555f5ede9015
SHA256 c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
SHA512 50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\w7tbp.dll

MD5 9a3031cc4cef0dba236a28eecdf0afb5
SHA1 708a76aa56f77f1b0ebc62b023163c2e0426f3ac
SHA256 53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
SHA512 8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\Includes\Hijackers.sbi

MD5 6c9e2c1af983cc415773b1e44f40f009
SHA1 8009f98a1cfb54d88383aba563a0b6a876e8fb57
SHA256 f3c4f1333c7928d18af450cb0062c5cd007c899cb436b105d9804834a17198ab
SHA512 186f93fa09e3d66e997f6bfa5f1351d9aedec315b5165799fbf008a17ccc9b3c1758261ab8af3f3b8ce2621336bb5a1524dbc6b15a00236576c323055760d56d

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\Includes\TrojansC-05.sbi

MD5 8e23d6ae1fce7d134593d1ef555299ae
SHA1 786ad5cad894422f883b55fb00d9a7671d1b8e53
SHA256 7281dfdaad20c91d51388e81e2156be8e25e2b806ffc84580993822f10ddc91c
SHA512 4edeb103c1f743fbffc753a6aa23100744b1ed52ee9e618c2450a833f473010acf261fce0f8a9d59f1ed521de759b8064211751e67bf4463c072f5afb0a44217

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\Updates\Downloads\TrojansC-05.sbi-20140116.cab

MD5 ffba0388187990039eedd2fe48cf0688
SHA1 0a76168749cfe2753898842ab15e59cabef08306
SHA256 73a790d6c7170a3197b50369f5023ed2155f12239c23056b19eeec81d80ef383
SHA512 d85bd4d3bda4919dcacf0832a4303f19a556a69aac81e0d49028e465d4123ec8895b119f1e08722d5c541f9bc143c37b21218a25e22448feb3b18c96bb5d1536

C:\Users\Admin\Downloads\SpybotPortable\App\Spybot\locale\ru_RU\LC_MESSAGES\default.mo

MD5 f5b62e103b2790783534b9b15d852861
SHA1 577a4ba628d6ee691c245f1642d0ac959706909e
SHA256 daf40252a688bd14e1c8845efc0f792c9cbc9d93cdb99549d153238a7b22f815
SHA512 da748c6bf441a77e2ca9ca578c6353d215ffcfcfdfc2c26484e25507a6c5efdedb3ca6290f9cf49d6c1d30b29fca14880bcbb11317678160b229a9e94936676e

C:\Users\Admin\Downloads\SpybotPortable\App\AppInfo\pac_installer_log.ini

MD5 7d52aa2322d59490a4ab565075166a7b
SHA1 5ed06b30928212977f33b45bbd851812f2660ee9
SHA256 847bd4b3d805936b1fa2cb4dbc31b22e8f9a6d9d961236cb8430b27334cd63ac
SHA512 cc20f9cda176f7b49f90fec80fb8ada56c066a06940bd58533800f9c3bcc1ac8ed707ce352e6364785a7c5e4aab5db712af604fb87afad7f859b5c570b4f2f95

C:\Users\Admin\AppData\Local\Temp\nsv12BD.tmp\modern-wizard.bmp

MD5 4df53efcaa2c52f39618b2aad77bb552
SHA1 542de62a8a48a3ff57cf7845737803078062e95b
SHA256 ee13539f3d66cc0592942ea1a4c35d8fd9af67b1a7f272d0d791931e6e9ce4eb
SHA512 565a6ba0c9afc916cf62dac617c671f695cd86bd36358e9897f1f0e1a23a59d3019a12349029e05bf91abfb7b213ef02fc5c568a2bfcde0e3896e98cbcfa623a

C:\Users\Admin\AppData\Local\Temp\nsy7426.tmp\launcher.ini

MD5 9a5ab3d4e8e6c25ac9f8dd20a573d113
SHA1 23a125b2ba80cd34f36b64bd1a6a4318f7913fca
SHA256 5b72284c8cff95adbc588b63bd11c8357ca5bbf672485752e0cf9f6d06f3c329
SHA512 88d696b60bd4a01878023055c99bf0118e1490492cf7be7073b4b081c8355b73d1d7997677cd32fcad4c32e2d330be1cf648af2e0f2b2d65f149d606ad30ae33

C:\Users\Admin\AppData\Local\Temp\nsy7426.tmp\registry.dll

MD5 2880bf3bbbc8dcaeb4367df8a30f01a8
SHA1 cb5c65eae4ae923514a67c95ada2d33b0c3f2118
SHA256 acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
SHA512 ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

memory/5484-876-0x00000000051C0000-0x0000000005223000-memory.dmp

memory/5396-903-0x0000000000960000-0x0000000000A41000-memory.dmp

memory/5396-904-0x0000000000AA0000-0x0000000000B0B000-memory.dmp

memory/5396-902-0x0000000000A70000-0x0000000000A9E000-memory.dmp

memory/5396-901-0x0000000000A50000-0x0000000000A70000-memory.dmp

memory/5396-905-0x0000000003570000-0x000000000360B000-memory.dmp

memory/5396-930-0x00000000504B0000-0x00000000504EF000-memory.dmp

memory/5396-935-0x0000000003570000-0x000000000360B000-memory.dmp

memory/5396-936-0x0000000005150000-0x0000000005560000-memory.dmp

memory/5396-934-0x0000000000AA0000-0x0000000000B0B000-memory.dmp

memory/5396-933-0x0000000000A70000-0x0000000000A9E000-memory.dmp

memory/5396-931-0x0000000000960000-0x0000000000A41000-memory.dmp

memory/5396-932-0x0000000000A50000-0x0000000000A70000-memory.dmp

memory/5396-927-0x0000000050250000-0x00000000504AF000-memory.dmp

memory/5396-928-0x0000000048000000-0x000000004838F000-memory.dmp

memory/5396-926-0x0000000050030000-0x0000000050248000-memory.dmp

memory/5396-929-0x0000000040830000-0x0000000040884000-memory.dmp

memory/5396-925-0x0000000030400000-0x000000003080C000-memory.dmp

memory/5396-942-0x0000000050030000-0x0000000050248000-memory.dmp

memory/5396-943-0x0000000050250000-0x00000000504AF000-memory.dmp

memory/5396-955-0x0000000050250000-0x00000000504AF000-memory.dmp

memory/5396-954-0x0000000050030000-0x0000000050248000-memory.dmp

memory/4456-966-0x0000000003700000-0x00000000037E1000-memory.dmp

memory/4456-968-0x0000000003810000-0x000000000387B000-memory.dmp

memory/4456-967-0x00000000037F0000-0x0000000003810000-memory.dmp

memory/4456-965-0x0000000003660000-0x00000000036FB000-memory.dmp

memory/4456-972-0x0000000005C70000-0x000000000610F000-memory.dmp

memory/4456-975-0x0000000006360000-0x000000000638E000-memory.dmp

memory/4456-973-0x0000000006250000-0x000000000635B000-memory.dmp

memory/4456-976-0x0000000006390000-0x000000000642C000-memory.dmp

memory/4456-977-0x0000000006430000-0x0000000006487000-memory.dmp

memory/4456-978-0x0000000006710000-0x00000000067C6000-memory.dmp

memory/5396-980-0x0000000030400000-0x000000003080C000-memory.dmp

memory/5396-982-0x0000000050250000-0x00000000504AF000-memory.dmp

memory/5396-981-0x0000000050030000-0x0000000050248000-memory.dmp

C:\Users\Admin\Downloads\1111_with_WARP_V2024.12.760.0.msi:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\1111_with_WARP_V2024.12.760.0.msi:Zone.Identifier

MD5 1cb62b0579f0ce7f6850153a83c3b6e7
SHA1 c40d0302a089bac50d15abb0015f4f34aca826ca
SHA256 55106713ea8559b6b96636f8559c98e73470c9c3d8e318631818657b6815d9d2
SHA512 55d3e9538d97bdfed05c679b211e9b32c4c267f3e04439c953046baa7d2b9b8029fcce6ce3c5a0c5d89b274cad7d0e1856aacdb7e5030185650713f62f7e7bda

memory/1036-1264-0x000002A5DCDB0000-0x000002A5DCDDE000-memory.dmp

memory/1036-1266-0x000002A5DCDA0000-0x000002A5DCDAA000-memory.dmp

memory/1036-1268-0x000002A5DCF40000-0x000002A5DCF48000-memory.dmp

memory/1036-1269-0x000002A5DCF70000-0x000002A5DCF8A000-memory.dmp

C:\Windows\Installer\MSI676B.tmp-0\CustomAction.config

MD5 01c01d040563a55e0fd31cc8daa5f155
SHA1 3c1c229703198f9772d7721357f1b90281917842
SHA256 33d947c04a10e3aff3dca3b779393fa56ce5f02251c8cbae5076a125fdea081f
SHA512 9c3f0cc17868479575090e1949e31a688b8c1cdfa56ac4a08cbe661466bb40ecfc94ea512dc4b64d5ff14a563f96f1e71c03b6eeacc42992455bd4f1c91f17d5

C:\Windows\Installer\MSI676B.tmp-0\Microsoft.Deployment.WindowsInstaller.dll

MD5 c2c83128276cc7c9cccc399bb5d76031
SHA1 776f9ca8175d95d0bc7c44847d60091bdf415041
SHA256 791da16b0df6956e88b04dab8b543b99dc2abd9af24aa25208fe5a0981e811b3
SHA512 c8651107f699daa299182dbe594da76cd794ba0d7661a483aaa932f0967a3af5761c8e8a3250cb501019d39b483d09427ac75aa7fa3a191a090e226d8d9fd515

C:\Windows\Installer\MSI676B.tmp-0\Warp.Installer.Actions.dll

MD5 9624f3e0efeb4c10660a9a35c4f21e45
SHA1 ecef3063ca41df75730e0fd61d8a839a4926980e
SHA256 9375fd0099f4509bc6a59c80e5213c12a840344104b3063bed8d990026f0bc63
SHA512 44c1a8a3ce188b751a891c8125f61554a83e53b6c8d22270ed34033147fd63e066b45f6bea6595d9bed6d48e5b0980173449bdec236ff96814121859c9e57b79

C:\Windows\Installer\MSI676B.tmp-0\Common.dll

MD5 47dc1818d152b434d465575915f12589
SHA1 c9c026198b9ae849c92ff960854f79b81eef63ae
SHA256 e92e5b899460d603278a5244fb6e456064457a5a25b6f3914f9a875d5c287e42
SHA512 0266b8e2e8de8b726975de6d2e1d3592e66b7fb276bd7d92e3c46a4f0281b74dc7e27c249e3ac86ce441058333692dac2262781c6776c904667753a4e5a08267

C:\Windows\Installer\MSI69CD.tmp

MD5 8eabeadadc6d03c9807787af28381b65
SHA1 b5015709fb98a8a849a0440c54c07c394e89bc59
SHA256 386a4209241d3424783e2456ef79988a1032a9f4ead891b5551253520e439ee0
SHA512 18ddec2d28640108faf5a4b9878cc0e6224fdc6ee26bd9fcfc2c972d0ea82a21468181c6fcc3413a99e2a9bc070e71d41c998528a324eee93ee1b59351b6f037

C:\Config.Msi\e5d9a16.rbs

MD5 4da2e19fed9a93f3429f3ac9e0e76a1e
SHA1 b0ec44edc077d9fc1dc17586b11920bf60aa26cf
SHA256 83d99d8ec12afb2099a7d1b0fe503f7126a607f7a6379a24d907d3d9cdcf62b2
SHA512 9d248c07f2d9692f5326f25d41b3b36790f8cae73346f7f522f513489fb724edd573bd8a04bf794b6604c6a3e1c784038a211156a4b5628c8cca04ce7b9fcdfd

C:\Program Files (x86)\SpywareBlaster\dep\MSCOMCTL.OCX

MD5 e52859fcb7a827cacfce7963184c7d24
SHA1 35c4ae05d90f610c0520933faaca2a8d39e1b2a1
SHA256 45b6eef5bbf223cf8ff78f5014b68a72f0bc2cceaed030dece0a1abacf88f1f8
SHA512 013e6bf4762b1f90650ee6a1cb275607d1cad9df481362f42606a37f3a6f63de5cd0cdb0e9739df141b58f67ac079cf27be4ffe4937371972dd14eae18c58a94

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

MD5 430f52e6f90343ea26ab73b32c818df6
SHA1 73070ee9e60f3e0a5bd47c447de3c90dc8c70d49
SHA256 e1bb13dfb8948dd6a094db3328ded12f08319a37705f81180d4611b2e420942c
SHA512 0f1f8962a8d8af342d54ba88050d5860f9b46ac9f87ab238be2707d1723669e715e593e3bf1a76d3856d6156e31555fb742ba59f32271642ca1c9b0d55b6d81a

memory/684-1924-0x0000000000400000-0x000000000091D000-memory.dmp

memory/3396-1926-0x0000000000400000-0x000000000091D000-memory.dmp

memory/684-1937-0x0000000000400000-0x000000000091D000-memory.dmp

memory/3396-1939-0x0000000000400000-0x000000000091D000-memory.dmp

memory/4920-1940-0x0000000000400000-0x000000000091D000-memory.dmp

memory/4920-1963-0x0000000000400000-0x000000000091D000-memory.dmp

memory/228-1965-0x0000000000400000-0x000000000091D000-memory.dmp

memory/4220-1968-0x0000000000400000-0x000000000091D000-memory.dmp

memory/4220-2027-0x0000000000400000-0x000000000091D000-memory.dmp

memory/3824-2029-0x0000000000400000-0x000000000091D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-P9JSM.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Program Files (x86)\SMADAV\SMΔRTP.exe

MD5 effb66061635cbdae06ef811de9c9361
SHA1 5f75ca5017ec6a55bf102b266c2bbd313e56f25c
SHA256 71c3ad607d3b6766e6ecb864a3f41c5498da83ba0f5a96500b7f954a08bbec41
SHA512 bb45d57e9e1aef1840545622cdaa7b9c2232f67a7cfe212b1b7b39f46da1a2c01535131498e036904c5da2f76d7ce404dacf40bc9d49969fa36094600a60c39a

memory/2148-2469-0x0000000000050000-0x000000000005D000-memory.dmp

memory/2148-2476-0x0000000000050000-0x000000000005D000-memory.dmp

memory/5440-2474-0x0000000000A10000-0x0000000000A1D000-memory.dmp

memory/1420-2523-0x0000000000890000-0x000000000089D000-memory.dmp

memory/1420-2526-0x0000000000890000-0x000000000089D000-memory.dmp

memory/5436-2524-0x0000000000A10000-0x0000000000A1D000-memory.dmp

memory/5436-2528-0x0000000000A10000-0x0000000000A1D000-memory.dmp

memory/1992-2597-0x0000000000890000-0x000000000089D000-memory.dmp

C:\Users\Public\USBLockit.exe

MD5 fc711608a97efe2e9affe4f742e955f5
SHA1 29f18f9d763661da5c6943206fc0eb24f6dcc870
SHA256 f87998b35adb4f078056ea1907be18c2a698c068eb379170cb660255213f87cf
SHA512 499cd4a68792c7899c46d944749d8179cc56b08eb76619eb1e3abb9792a90a3ab708c21d36a77305b7b02dc24d2ae563978f234f2f4252303687501dad428bb2

memory/5136-2602-0x0000000000210000-0x000000000021D000-memory.dmp

memory/1992-2604-0x0000000000890000-0x000000000089D000-memory.dmp

memory/5136-2624-0x0000000000210000-0x000000000021D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 dcef0f13e217f0d0df45f07cf77da4a1
SHA1 57b3f21899e66a33156b7fd84b0f86d82f358164
SHA256 e43131396acdb9cdf35a7c653414b9ebd24616aebd74e99d52b9a48fcabafd9f
SHA512 48a6059fa6626b5ffe0d164cd66772fef1c7e66d748f8d4b2b6e2eff9a9577df7b06d8f187ab49ece061ccd2c3b30f0bc2e40c439c13918fc2e4a73119b5651c

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 0991df4c63366cca38b2b7a0efa76b8a
SHA1 22a368f752761e91466c8394594f074b10269df9
SHA256 8d47ecb2169adcbdc01fc90d832755de0c397716c626e0fe7c7f6ec56e8555de
SHA512 4c69ef73a8300dfeaa1d25091fbb3d0134c19a230e82abe6cf7f86ba36c66d0da59e4107213c8a69f168aa23469eb59143dd2854cb203ce967d4e96e990ef07b

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 6a0ecf3290b50e76a1315ab773df2751
SHA1 35cfc5baa8a0a15c0fb19a9083e4178f1f519f50
SHA256 82331c21c8e918105b97086175c99ff9be8476ad28ec52eeb06f8fd66fa190ae
SHA512 d72317eb8c558101f049131e547c2b5b50c3535f36ba28a00ea667e9731c0ff577e471004ca0aab004dc974ac4fbf83b5890918cf712fb8cb0ec4039cb862ace

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 201ae8230c63ddbd6842cca0a7fa2681
SHA1 a62ee45756daefd65066d428f0926c64060b261b
SHA256 13fee6c4e80ca8f1b25f62baaf7c28c5eb153f8e471aa054766cc332962bc22a
SHA512 424c92159827ad3425e4db8cb488d2cd87ada25809a8e1b9064860a3b62327f8bdb2db9e410b60861d3c71148c8e348d3c2db8983def32828a15d542fe96dda0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 7a9703e90829992168af77b8c3b6a2f2
SHA1 028f6a285b4cd9eb990199cd03dc9ab241fcfe2d
SHA256 746f2924a4a212f82076d4e57dc1202c75c4611839c2df644881ffe7e8274cd2
SHA512 79b338c0d8fadeff7213ee8f087e2cb150ebfbd0e9395e3e5a3ab066c4ae1a921c8476e6c79cd00790fbfa29a387178cabf46aa2a15a9835b3792c357b2db706

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 80e59c2ebc6df1a8983046644aa919a5
SHA1 a3883d95e491960b1b04f55b2c2b620309fc20c0
SHA256 d7d274103abf9006008916871acd4e221cfc5befac8e308af93d10bf0e698258
SHA512 33e9f02edf7022d7c3b17882a503f2a8f5be56dc931c98fe918acf110992f3332dd46d3949b38f2753f663debec2a95910098bbe71e46c6391ce00745a1c6b6e

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\EasyLog.log

MD5 747ce0e054926fb82589e9233934b332
SHA1 b0210dfa37c1091123a43d726d34a3c975fa439b
SHA256 27c6022ba581db7a0ee498187f00049fc7284119a6d2a29ca131c81d5cf4a978
SHA512 049c32832708ca5e3186733587e3892ab0a759adf93b8f8853a32a6fe412507b6cbc1fd7a6bb7eaa65b738af708caf688b0e326c37e1a84d9ba4e248a7077f64

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 963bac90f47153a939c96f4c88d83b83
SHA1 984f5ecdd83dc7ff9764a4144d9cfc5cd93525b1
SHA256 34087d9186cf16dba72fad924d9638308b0d5410a122d483d93e9bb2824c7203
SHA512 dcea910d966acf752151fb5100d9da44a342816d1a2899177ccbc40e7f1b527fc11e50e75259c4c2244dbe1d80dcd35ad6439c148f0af4b04c69f8eb8769242e

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\DataFile.ini

MD5 4ba62946fc72dc787801d2ed2093c436
SHA1 a6a292483c6e7677e4bbc2a9fdc25c3cb9d88e04
SHA256 b262b8b35e2e3d3abc3b19aa86634b8c24fa361ac5c72f46f0813ce7b804ea54
SHA512 7574f15e52ba0a17b153e6b8911b2eaeb0740ec0cab2408aa4d671142d80dfc7e271949229928a9f5f38984c47fc4632419a10ed9ea5c0c6066eee8b88df6048

C:\ProgramData\HeavenWard\FreeKey\instreg.exe

MD5 db11a07e8ad03370071ec5e6485acd58
SHA1 3016e240a5b1c2ee48a6400f7d7db35c72471861
SHA256 2da5d859131bd17d3588aa973d33a20261171b4380c88a32838465f9957cda3b
SHA512 aa19c41ede9eac133d32b4e9e682150eed33d9fa2f5631af76677f3427ee858bdc7ec975455d1e93270848b89c604cf068a5435a238b620613e582c47fcac134

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\35trial\aliyun\AliyunConfig.ini

MD5 bce58f0f756f17b8be5bab89fef4a388
SHA1 8c1797c473c90def4de25d74a646b1ded4e77f39
SHA256 2e45aa712157f230da352504de36b452cd474f7776d62ae94c119cd7c3fff223
SHA512 6c4395a5937b1da81c6dbaae9d11176d52ae69700c48867be525514582a4dfb1c92720700e65b350f4de54425960bdfeb3c7bc5347425775503d6f736e15dd3c

memory/6788-3837-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/6788-3857-0x0000000000400000-0x00000000004FE000-memory.dmp