Analysis Overview
SHA256
ef7f698497ec7f0ad7db6f37af6662cca2f9fc6e5ca9867a5a1201e8d81859b9
Threat Level: Known bad
The file AdsPower-Global-4.10.18-x64.exe was found to be: Known bad.
Malicious Activity Summary
joker
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Adds Run key to start application
Drops file in Program Files directory
Enumerates physical storage devices
Gathers network information
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Collects information from the system
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-15 23:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-15 23:48
Reported
2022-11-15 23:58
Platform
win10v2004-20220901-en
Max time kernel
563s
Max time network
571s
Command Line
Signatures
joker
Executes dropped EXE
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\AdsPower Global\resources\elevate.exe | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\nl.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\resources\app.asar | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File opened for modification | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\ffmpeg.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\snapshot_blob.bin | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\hr.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\zh-TW.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\id.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\ml.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\uninstallerIcon.ico | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\vulkan-1.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\hi.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\license | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\bg.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\he.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\th.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File opened for modification | C:\Program Files\AdsPower Global\resources\app.asar.unpacked | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\swiftshader\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\Uninstall AdsPower Global.exe | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\cs.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\fr.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\lt.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x86.exe | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File opened for modification | C:\Program Files\AdsPower Global\AdsPower Global.exe | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\fi.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\ms.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File opened for modification | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\de.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\en-US.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\bn.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\da.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\lv.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\nb.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\te.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\icudtl.dat | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\am.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\et.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\mr.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\sk.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\LICENSES.chromium.html | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File opened for modification | C:\Program Files\AdsPower Global\locales | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\ar.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\gu.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\locales\sr.pak | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| File created | C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\package.json | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\URL Protocol | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\command\ = "C:\\Program Files\\AdsPower Global\\AdsPower Global.exe %1" | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\ | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\ | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\shell\Open\command | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\adsPowerGlobal\ = "URL:adsPowerGlobal" | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\AdsPower Global\AdsPower Global.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe
"C:\Users\Admin\AppData\Local\Temp\AdsPower-Global-4.10.18-x64.exe"
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe"
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\adspower_global /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad --url=https://logger.adspower.net/api/robotlog --annotation=_companyName=mix "--annotation=_productName=AdsPower Browser" --annotation=_version=4.10.18 --annotation=prod=Electron --annotation=ver=11.3.0 --initial-client-data=0x428,0x42c,0x430,0x404,0x434,0x7ff61eb1d5e8,0x7ff61eb1d5f8,0x7ff61eb1d608
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=gpu-process --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1636 /prefetch:2
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2004 /prefetch:8
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get model,manufacturer/format:list"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get Caption,freeSpace,DriveType /format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get model,manufacturer/format:list
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get Caption,freeSpace,DriveType /format:list
C:\Windows\system32\attrib.exe
attrib +h C:\.ADSPOWER_GLOBAL
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "attrib +h C:\.ADSPOWER_GLOBAL"
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1628,11747237252005202305,4054725860001503536,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe
"C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill -PID SunBrowser.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill -PID SunBrowser.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\NETSTAT.EXE
netstat -ano
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe"
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\adspower_global /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad --url=https://logger.adspower.net/api/robotlog --annotation=_companyName=mix "--annotation=_productName=AdsPower Browser" --annotation=_version=4.10.18 --annotation=prod=Electron --annotation=ver=11.3.0 --initial-client-data=0x428,0x42c,0x430,0x404,0x434,0x7ff61eb1d5e8,0x7ff61eb1d5f8,0x7ff61eb1d608
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=gpu-process --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1564 /prefetch:2
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get model,manufacturer/format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get model,manufacturer/format:list
C:\Program Files\AdsPower Global\AdsPower Global.exe
"C:\Program Files\AdsPower Global\AdsPower Global.exe" --type=renderer --field-trial-handle=1556,1662887745248583131,9357829766271808043,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-user-model-id="electron.app.AdsPower Global" --app-path="C:\Program Files\AdsPower Global\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\NETSTAT.EXE
netstat -ano
C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe
"C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill -PID SunBrowser.exe"
C:\Windows\system32\taskkill.exe
taskkill -PID SunBrowser.exe
C:\Windows\system32\NETSTAT.EXE
netstat -ano
Network
Files
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsrCCFA.tmp\nsDialogs.dll
| MD5 | 466179e1c8ee8a1ff5e4427dbb6c4a01 |
| SHA1 | eb607467009074278e4bd50c7eab400e95ae48f7 |
| SHA256 | 1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172 |
| SHA512 | 7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817 |
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
C:\Program Files\AdsPower Global\v8_context_snapshot.bin
| MD5 | c2208c06c8ff81bca3c092cc42b8df1b |
| SHA1 | f7b9faa9ba0e72d062f68642a02cc8f3fed49910 |
| SHA256 | 4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3 |
| SHA512 | 6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5 |
C:\Program Files\AdsPower Global\icudtl.dat
| MD5 | ad2988770b8cb3281a28783ad833a201 |
| SHA1 | 94b7586ee187d9b58405485f4c551b55615f11b5 |
| SHA256 | df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108 |
| SHA512 | f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01 |
C:\Program Files\AdsPower Global\resources\app.asar
| MD5 | 5a8a5fa7922cdeb3acd31ef09ae42457 |
| SHA1 | b4ebe87d41d4e0d517630d5dd4b979ed1c5ef7f0 |
| SHA256 | 5730db096e98fc650e1847bb002e630b6c2ca5627ed7a6ba36e1773b3cf64b11 |
| SHA512 | 6f9f138e4d38ff135ca3b632eea39046e9373dbd60f759a1e86723b72e0c5b6a11529f7ed793bdada3b88b3cf1692a85c3e5d15835b0004f7c4a0f96edacf2ed |
C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\index.js
| MD5 | 32385488335d3acbac238ae79c09256b |
| SHA1 | 6945ac03e7581574c5e9dc0b943d89f13eb6bc81 |
| SHA256 | fb267dc224440784ece7cac39c0143d79420a206ac8054d5cec1bc702a885a9c |
| SHA512 | 76fbdc4e34e68acdbac018c73d937a3da3cad307e417174f9b52db26959388d23f9bb502f9b4f64e44f62565d675dedaabb4f4f3b0f3dbae088b284c96a8bfbe |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
memory/3620-152-0x0000000000000000-mapping.dmp
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
C:\Users\Admin\AppData\Roaming\adspower_global\Crashpad\settings.dat
| MD5 | 5190ae4da9b2026cf61516281a59ca04 |
| SHA1 | 4eeee94f618a0ab367309d9cdf32e956e40796c8 |
| SHA256 | d1c8a3d9dfcc1325c6fa625e32377304383a6f2a0bc999b419023a43f92002fb |
| SHA512 | b9cb966c2b42d142e4b3e7569304b32eb2e88217c4d65d8a54a23f6d196e24ea762bd1b59f4ad4352c3f532c811c5ce162d59fdbb3e7d78c5d58538d45776165 |
C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\package.json
| MD5 | fab8c951d36e58fc69feaeb3a5edc356 |
| SHA1 | d304db544078dd0a5095d4a86ef92c650a176895 |
| SHA256 | 6784a7400f302ef6ea92423c0542ebb4babbe8f42c3d9ab857243f58a962f2ad |
| SHA512 | ab09b51d7d0f0f029b563b8aef9371419c9ae414703742a9c8802acbe3a30111beaa7b485eafb5aeb103b8cf2f2c75853f9bb7b098809e6969cbaad8878003c2 |
C:\Program Files\AdsPower Global\resources.pak
| MD5 | d13873f6fb051266deb3599b14535806 |
| SHA1 | 143782c0ce5a5773ae0aae7a22377c8a6d18a5b2 |
| SHA256 | 7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506 |
| SHA512 | 1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939 |
C:\Program Files\AdsPower Global\locales\en-US.pak
| MD5 | bd8f7b719110342b7cefb16ddd05ec55 |
| SHA1 | 82a79aeaa1dd4b1464b67053ba1766a4498c13e7 |
| SHA256 | d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de |
| SHA512 | 7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e |
C:\Program Files\AdsPower Global\chrome_200_percent.pak
| MD5 | 57c27201e7cd33471da7ec205fe9973c |
| SHA1 | a8e7bce09c4cbdae2797611b2be8aeb5491036f9 |
| SHA256 | dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b |
| SHA512 | 57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4 |
C:\Program Files\AdsPower Global\chrome_100_percent.pak
| MD5 | 06baf0ad34e0231bd76651203dba8326 |
| SHA1 | a5f99ecdcc06dec9d7f9ce0a8c66e46969117391 |
| SHA256 | 5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189 |
| SHA512 | aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91 |
memory/3588-161-0x0000000000000000-mapping.dmp
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
memory/3876-163-0x0000000000000000-mapping.dmp
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
\??\pipe\crashpad_4904_IQQCCUHZDZXRIETB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files\AdsPower Global\swiftshader\libEGL.dll
| MD5 | d00b35304c31b123974011d0ab047497 |
| SHA1 | ffbfb9ba8d3362f8b4d454d9e16579a0d2aeec73 |
| SHA256 | afad38069e5f427362132ba71215c3f0c97b6b28123190a47216a30e93b1af16 |
| SHA512 | 9032d851092db10e6dbbb50973a49ecccb257751b6a8a7f10560452833291b7121badc3dfff8987f6fcfdfca05612e66d028f6488dabaec2e672f2a984c8a3b1 |
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
C:\Program Files\AdsPower Global\swiftshader\libegl.dll
| MD5 | d00b35304c31b123974011d0ab047497 |
| SHA1 | ffbfb9ba8d3362f8b4d454d9e16579a0d2aeec73 |
| SHA256 | afad38069e5f427362132ba71215c3f0c97b6b28123190a47216a30e93b1af16 |
| SHA512 | 9032d851092db10e6dbbb50973a49ecccb257751b6a8a7f10560452833291b7121badc3dfff8987f6fcfdfca05612e66d028f6488dabaec2e672f2a984c8a3b1 |
C:\Program Files\AdsPower Global\swiftshader\libGLESv2.dll
| MD5 | d8d23801b094e61ef5a935b8c04f3709 |
| SHA1 | 7d07e2e6365036c52ffe64e35c3f8bfaee365156 |
| SHA256 | 00e131c30ef2ce1762fc8368f30656db2034e6787eb6b76a285f615c3951413b |
| SHA512 | 8d4595f6afda6da6b7c7d59cbf3cc6466548b0c1f1a4f719272024a43bf981f24880425ee7d1cccad75792dacf3aa65e1e37a9d03ed65b1eae135bf585219c79 |
C:\Program Files\AdsPower Global\swiftshader\libglesv2.dll
| MD5 | d8d23801b094e61ef5a935b8c04f3709 |
| SHA1 | 7d07e2e6365036c52ffe64e35c3f8bfaee365156 |
| SHA256 | 00e131c30ef2ce1762fc8368f30656db2034e6787eb6b76a285f615c3951413b |
| SHA512 | 8d4595f6afda6da6b7c7d59cbf3cc6466548b0c1f1a4f719272024a43bf981f24880425ee7d1cccad75792dacf3aa65e1e37a9d03ed65b1eae135bf585219c79 |
C:\Program Files\AdsPower Global\d3dcompiler_47.dll
| MD5 | e7e8d933de822f88addf8591485eebb2 |
| SHA1 | 335e521636acaea7766870596434d119f99a7a2b |
| SHA256 | c3680d1f1f61b92bbca4bcaed71b14b5aef0e7b54c63fb9959e830499a6cb071 |
| SHA512 | 2ffd454e021738f0651bc0bc80402353823c8140ea423e547248485b1a771ff71b37e507c99f78322d31896c1084303336dced279f9b6f3e9089e6dda7633f66 |
C:\Program Files\AdsPower Global\D3DCompiler_47.dll
| MD5 | e7e8d933de822f88addf8591485eebb2 |
| SHA1 | 335e521636acaea7766870596434d119f99a7a2b |
| SHA256 | c3680d1f1f61b92bbca4bcaed71b14b5aef0e7b54c63fb9959e830499a6cb071 |
| SHA512 | 2ffd454e021738f0651bc0bc80402353823c8140ea423e547248485b1a771ff71b37e507c99f78322d31896c1084303336dced279f9b6f3e9089e6dda7633f66 |
memory/4072-168-0x0000000000000000-mapping.dmp
C:\Program Files\AdsPower Global\ffmpeg.dll
| MD5 | 8bf15122c6ed5a35354067aba38278c3 |
| SHA1 | 85b5be6325404fa68c560d8de8bbf07125b738ad |
| SHA256 | af323df235e6103dd434143692c5f286a08d9561a1b0bf788f24af36baea4c65 |
| SHA512 | 14ce489e109ecf1662fc850b6e22495070c5c59c7abc27c4301bed3d5294073f1a97257bcb2db20ce9cc5adb59ea98ff7e5c6d94a68561dfa152bfa6106e3cfd |
C:\Program Files\AdsPower Global\AdsPower Global.exe
| MD5 | 87d8afaa4289a5576e1c9741661913f7 |
| SHA1 | 270e5c325e3ced01c06365d4ec015921c8a936b0 |
| SHA256 | 233d27e371c04dedb2796f9d2e72d59bbc3955296b153ed8a7e173a1df18ce21 |
| SHA512 | 01435e2cc9049006bf4a955f1ed5a895ecaff999e6ac1b3f1012cc530c41bd1da11b9f08ceb5b38895de3c815a2e90017aab2d77ad30f3391cb2e53da2543b81 |
memory/3472-178-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\main.min.js
C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\lib\node_sqlite3.node
C:\Users\Admin\AppData\Roaming\adspower_global\cwd_global\source\conf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk
C:\Program Files\AdsPower Global\resources\app.asar.unpacked\node_modules\ps-list\vendor\fastlist-0.3.0-x64.exe
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx