Analysis Overview
SHA256
4dc8c9b2f72e691fcbb5318c24a6716e52dbc1ee30573ff265b96479c9d5c3ec
Threat Level: Shows suspicious behavior
The file PCBS RAM Creator-53-4-0-1-1665000372.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-07 19:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-07 19:17
Reported
2023-04-07 19:19
Platform
win10v2004-20230220-en
Max time kernel
78s
Max time network
95s
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PCBS RAM Creator-53-4-0-1-1665000372.exe | N/A |
Obfuscated with Agile.Net obfuscator
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253759408257276" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PCBS RAM Creator-53-4-0-1-1665000372.exe
"C:\Users\Admin\AppData\Local\Temp\PCBS RAM Creator-53-4-0-1-1665000372.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba259758,0x7ffeba259768,0x7ffeba259778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3868 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5504 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5464 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5892 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x510
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6012 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6816 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6824 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6792 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6776 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6636 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6620 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6612 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6588 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6420 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6252 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
Network
| SG | 3.0.198.7:443 | pm.w55c.net | tcp |
| US | 199.187.193.164:443 | adapi-srv-us-east.smartadserver.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | udp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| SG | 207.65.33.79:443 | image8.pubmatic.com | tcp |
| SG | 13.228.126.19:443 | ups.analytics.yahoo.com | tcp |
| JP | 35.213.12.39:443 | x.bidswitch.net | tcp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| SG | 207.65.33.83:443 | image6.pubmatic.com | tcp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tmk.smartadserver.com | udp |
| US | 199.187.193.194:443 | tmk.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 199.187.193.194:443 | tmk.smartadserver.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | 29.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.129.28.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.126.228.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.196.214.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.12.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.191.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.130.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.33.65.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.198.0.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.33.65.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.193.187.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| SG | 103.231.98.194:443 | image2.pubmatic.com | tcp |
| SG | 145.40.73.5:443 | sync.targeting.unrulymedia.com | tcp |
| SG | 103.231.98.194:443 | image2.pubmatic.com | tcp |
| SG | 145.40.73.5:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | 194.98.231.103.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ce5561ca-8be2-48c6-aded-c0fd7a17d1be\AgileDotNetRT.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |