Malware Analysis Report

2024-10-18 22:58

Sample ID 221115-3th1racc9t
Target AdsPower-Global-4.10.18-x64.exe
SHA256 ef7f698497ec7f0ad7db6f37af6662cca2f9fc6e5ca9867a5a1201e8d81859b9
Tags
joker discovery infostealer persistence ransomware trojan
score
10/10

Analysis Overview

score
10/10

SHA256

ef7f698497ec7f0ad7db6f37af6662cca2f9fc6e5ca9867a5a1201e8d81859b9

Threat Level: Known bad

The file AdsPower-Global-4.10.18-x64.exe was found to be: Known bad.

Malicious Activity Summary

joker discovery infostealer persistence ransomware trojan

joker

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Gathers network information

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Modifies registry class

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Enumerates processes with tasklist

Suspicious use of SendNotifyMessage

Collects information from the system

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-11-15 23:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-15 23:48

Reported

2022-11-15 23:58

Platform

win10v2004-20220901-en

Max time kernel

563s

Max time network

571s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe"

Signatures

joker

infostealer trojan joker

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Program Files\AdsPower Global\AdsPower Global.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
N/A N/A C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\AdsPower Global\AdsPower Global.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\AdsPower Global\resources\elevate.exe C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\nl.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\resources\app.asar C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File opened for modification C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\snapshot_blob.bin C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\hr.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\zh-TW.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\id.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\ml.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\uninstallerIcon.ico C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\hi.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\sw.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\license C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\bg.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\he.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\kn.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\sl.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\th.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File opened for modification C:\Program Files\AdsPower Global\resources\app.asar.unpacked C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\swiftshader\libEGL.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\Uninstall AdsPower Global.exe C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\cs.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\fr.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\lt.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x86.exe C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\uk.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File opened for modification C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\el.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\ro.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\fa.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\fi.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\ms.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File opened for modification C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\libEGL.dll C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\de.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\bn.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\da.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\lv.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\nb.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\te.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\icudtl.dat C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\am.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\et.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\hu.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\mr.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File opened for modification C:\Program Files\AdsPower Global\locales C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\ar.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\gu.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\locales\sr.pak C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
File created C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\package.json C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\URL Protocol C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\command\ = "C:\\Program Files\\AdsPower Global\\AdsPower Global.exe %1" C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\ C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\ C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\command C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\ = "URL:adsPowerGlobal" C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\AdsPower Global\AdsPower Global.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
N/A N/A C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\AdsPower Global\AdsPower Global.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4904 wrote to memory of 3620 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 4904 wrote to memory of 3588 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 4904 wrote to memory of 3876 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 4904 wrote to memory of 4072 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 4904 wrote to memory of 3472 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 3472 wrote to memory of 5088 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 4132 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3472 wrote to memory of 4520 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Windows\system32\cmd.exe
PID 4520 wrote to memory of 3772 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3472 wrote to memory of 2988 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Windows\system32\cmd.exe
PID 2988 wrote to memory of 2972 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4904 wrote to memory of 2352 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Program Files\AdsPower Global\AdsPower Global.exe
PID 3472 wrote to memory of 3872 N/A C:\Program Files\AdsPower Global\AdsPower Global.exe C:\Windows\system32\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe

"C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe"

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe"

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\adspower_global /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad --url=https://logger.adspower.net/api/robotlog --annotation=_companyName=mix "--annotation=_productName=AdsPower Browser" --annotation=_version=4.10.18 --annotation=prod=Electron --annotation=ver=11.3.0 --initial-client-data=0x428,0x42c,0x430,0x404,0x434,0x7ff61eb1d5e8,0x7ff61eb1d5f8,0x7ff61eb1d608

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=gpu-process --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2004 /prefetch:8

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get model,manufacturer/format:list"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get Caption,freeSpace,DriveType /format:list"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get model,manufacturer/format:list

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get Caption,freeSpace,DriveType /format:list

C:\Windows\system32\attrib.exe

attrib +h C:\.ADSPOWER_GLOBAL

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "attrib +h C:\.ADSPOWER_GLOBAL"

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe

"C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill -PID SunBrowser.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill -PID SunBrowser.exe

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\NETSTAT.EXE

netstat -ano

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe"

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\adspower_global /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad --url=https://logger.adspower.net/api/robotlog --annotation=_companyName=mix "--annotation=_productName=AdsPower Browser" --annotation=_version=4.10.18 --annotation=prod=Electron --annotation=ver=11.3.0 --initial-client-data=0x428,0x42c,0x430,0x404,0x434,0x7ff61eb1d5e8,0x7ff61eb1d5f8,0x7ff61eb1d608

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=gpu-process --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1564 /prefetch:2

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get model,manufacturer/format:list"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get model,manufacturer/format:list

C:\Program Files\AdsPower Global\AdsPower Global.exe

"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsProcess.dll

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\WinShell.dll

C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsDialogs.dll

C:\Program Files\AdsPower Global\AdsPower Global.exe

C:\Program Files\AdsPower Global\ffmpeg.dll

C:\Program Files\AdsPower Global\v8_context_snapshot.bin

C:\Program Files\AdsPower Global\icudtl.dat

C:\Program Files\AdsPower Global\resources\app.asar

C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\index.js

C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad\settings.dat

C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\package.json

C:\Program Files\AdsPower Global\resources.pak

C:\Program Files\AdsPower Global\locales\en-US.pak

C:\Program Files\AdsPower Global\chrome_200_percent.pak

C:\Program Files\AdsPower Global\chrome_100_percent.pak

\??\pipe\crashpad_4904_IQQCCUHZDZXRIETB

C:\Program Files\AdsPower Global\swiftshader\libEGL.dll

C:\Program Files\AdsPower Global\swiftshader\libGLESv2.dll

C:\Program Files\AdsPower Global\d3dcompiler_47.dll

C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js

C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\node_sqlite3.node

C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\source\conf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk

C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
