Analysis Overview
SHA256
e2bc20d0cf6aaec78f25a06218bf7029578657dc87c35b3d738dc559f3c97026
Threat Level: Known bad
The file was found to be: Known bad.
Malicious Activity Summary
ZGRat
Detect ZGRat V1
RedLine
RedLine payload
CryptOne packer
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Enumerates connected drives
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Checks processor information in registry
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-01 13:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-01 13:35
Reported
2024-03-01 13:44
Platform
win10-20240221-en
Max time kernel
465s
Max time network
475s
Command Line
Signatures
Detect ZGRat V1
RedLine
RedLine payload
ZGRat
CryptOne packer
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\conhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Software\Microsoft\Windows\CurrentVersion\Run\kwweifjdskdv = "C:\\Users\\Admin\\AppData\\Local\\kwweifjdskdv\\kwweifjdskdv.exe" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2392 set thread context of 4168 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| PID 1044 set thread context of 4588 | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133537740395529597" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = c1c3431ede6bda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7cefbd18de6bda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7becfb18de6bda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9e077418de6bda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe27c9758,0x7fffe27c9768,0x7fffe27c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1768,i,3335642123024318311,11214767049159115521,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Aurora X [by RyosX].rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Aurora_V2.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
"C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
C:\Users\Admin\AppData\Local\Temp\conhost.exe
"C:\Users\Admin\AppData\Local\Temp\conhost.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Aurora_V2\Aurora.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p146312891125116171371883110193 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Aurora_V2\scripts\scripts.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
"C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjAEsAYQBLAGYAVwBPAEIAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwAwAFcAUgA4ADcASABuAEIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAYQBVADEAQgBWADYAcAB2AHUAMAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBWAE0ANgB2AEoAUwBTADIAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjAEsAYQBLAGYAVwBPAEIAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwAwAFcAUgA4ADcASABuAEIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAYQBVADEAQgBWADYAcAB2AHUAMAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBWAE0ANgB2AEoAUwBTADIAIwA+AA=="
C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
"C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Remove -ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'kwweifjdskdv';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'kwweifjdskdv' -Value '"C:\Users\Admin\AppData\Local\kwweifjdskdv\kwweifjdskdv.exe"' -PropertyType 'String'
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 700
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk328" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 1120
C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
"C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\WaitInvoke.ps1"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\InstallMount.vbs"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\SwitchClear.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd1b99758,0x7fffd1b99768,0x7fffd1b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=480 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3880 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4828 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4944 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 --field-trial-handle=1800,i,3157473718690287683,1137436261891748029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff793177688,0x7ff793177698,0x7ff7931776a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff793177688,0x7ff793177698,0x7ff7931776a8
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd1b99758,0x7fffd1b99768,0x7fffd1b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4828 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1848 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4436 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5596 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5632 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5816 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5952 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4784 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5420 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6088 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2980 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2892 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3856 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6548 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7024 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7064 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7080 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7312 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7412 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7056 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7348 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8008 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4448 --field-trial-handle=1836,i,14736302442260852086,15590495056087440268,131072 /prefetch:2
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SwitchEdit.3gp"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 104.16.57.101:443 | static.cloudflareinsights.com | tcp |
| IE | 18.66.168.114:443 | cdn.amplitude.com | tcp |
| IE | 74.125.193.138:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.160.198.38:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 97.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.168.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.193.125.74.in-addr.arpa | udp |
| IE | 74.125.193.102:445 | www.google-analytics.com | tcp |
| IE | 74.125.193.100:445 | www.google-analytics.com | tcp |
| IE | 74.125.193.101:445 | www.google-analytics.com | tcp |
| IE | 74.125.193.113:445 | www.google-analytics.com | tcp |
| IE | 74.125.193.139:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| IE | 74.125.193.138:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 38.198.160.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2261.mediafire.com | udp |
| US | 199.91.155.2:443 | download2261.mediafire.com | tcp |
| US | 199.91.155.2:443 | download2261.mediafire.com | tcp |
| US | 8.8.8.8:53 | 2.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:445 | static.mediafire.com | tcp |
| US | 104.16.114.74:445 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.114.74:139 | static.mediafire.com | tcp |
| US | 20.231.121.79:80 | | tcp |
| NL | 45.15.156.167:80 | | tcp |
| US | 8.8.8.8:53 | 167.156.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 31.13.26.104.in-addr.arpa | udp |
| NL | 195.20.16.153:80 | 195.20.16.153 | tcp |
| US | 8.8.8.8:53 | 153.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | joxi.net | udp |
| US | 188.114.96.2:80 | joxi.net | tcp |
| US | 188.114.96.2:443 | joxi.net | tcp |
| US | 8.8.8.8:53 | 94.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| NL | 45.15.156.167:80 | | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 143.68.20.104.in-addr.arpa | udp |
| NL | 195.20.16.153:80 | 195.20.16.153 | tcp |
| NL | 195.20.16.153:80 | 195.20.16.153 | tcp |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| NL | 45.15.156.167:80 | | tcp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 74.125.193.106:443 | www.google.com | tcp |
| IE | 74.125.193.106:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 94.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.35.249.210:443 | api.amplitude.com | tcp |
| IE | 74.125.193.138:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 210.249.35.52.in-addr.arpa | udp |
| IE | 74.125.193.102:445 | translate.google.com | tcp |
| IE | 74.125.193.100:445 | translate.google.com | tcp |
| IE | 74.125.193.101:445 | translate.google.com | tcp |
| IE | 74.125.193.113:445 | translate.google.com | tcp |
| IE | 74.125.193.139:445 | translate.google.com | tcp |
| IE | 74.125.193.138:139 | translate.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.videolan.org | udp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
| US | 8.8.8.8:53 | images.videolan.org | udp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| US | 8.8.8.8:53 | 2.253.36.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| US | 8.8.8.8:53 | get.videolan.org | udp |
| FR | 195.154.241.219:443 | get.videolan.org | tcp |
| US | 8.8.8.8:53 | 219.241.154.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redir.metaservices.microsoft.com | udp |
| GB | 88.221.134.112:80 | redir.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | onlinestores.metaservices.microsoft.com | udp |
| GB | 88.221.134.130:80 | onlinestores.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | 112.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.134.221.88.in-addr.arpa | udp |
| IE | 74.125.193.106:443 | www.google.com | tcp |
| IE | 74.125.193.106:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| IE | 209.85.203.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 94.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| IE | 74.125.193.101:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 101.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| IE | 209.85.202.102:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | locate.measurementlab.net | udp |
| IE | 209.85.202.121:443 | locate.measurementlab.net | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| IE | 209.85.203.102:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 102.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.speedtest.net | udp |
| US | 104.18.202.232:443 | www.speedtest.net | tcp |
| US | 104.18.202.232:443 | www.speedtest.net | tcp |
| US | 8.8.8.8:53 | 232.202.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ziffstatic.com | udp |
| US | 8.8.8.8:53 | b.cdnst.net | udp |
| GB | 2.16.153.162:443 | cdn.ziffstatic.com | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| GB | 2.16.153.162:443 | cdn.ziffstatic.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| FR | 52.222.145.16:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| FR | 52.222.145.16:443 | c.amazon-adsystem.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | cdn.static.zdbb.net | udp |
| GB | 92.123.26.128:443 | cdn.static.zdbb.net | tcp |
| US | 8.8.8.8:53 | 219.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.145.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.131.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.26.123.92.in-addr.arpa | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| IE | 18.66.171.5:443 | config.aps.amazon-adsystem.com | tcp |
| IE | 209.85.202.157:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 5.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 8.8.8.8:53 | gurgle.speedtest.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 18.215.19.117:443 | gurgle.speedtest.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| IE | 34.253.91.50:443 | zdbb.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 3.162.140.83:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| IE | 209.85.203.95:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 18.215.19.117:443 | gurgle.zdbb.net | tcp |
| IE | 209.85.202.157:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 63.35.74.224:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.91.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.19.215.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.74.35.63.in-addr.arpa | udp |
| FR | 3.162.42.171:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | tags.bkrtx.com | udp |
| US | 52.2.106.153:443 | jogger.zdbb.net | tcp |
| GB | 23.207.215.130:443 | tags.bkrtx.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | c2shb.pubgw.yahoo.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| DE | 52.29.30.126:443 | btlr.sharethrough.com | tcp |
| DE | 52.29.30.126:443 | btlr.sharethrough.com | tcp |
| DE | 52.29.30.126:443 | btlr.sharethrough.com | tcp |
| DE | 52.29.30.126:443 | btlr.sharethrough.com | tcp |
| DE | 52.29.30.126:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 35.157.246.167:443 | c2shb.pubgw.yahoo.com | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | udp |
| GB | 45.10.101.252:8080 | speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | udp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 31.22.12.17:8080 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | tcp |
| GB | 45.92.46.45:8080 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | tcp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 95.87.111.214:8080 | lon.host.speedtest.net.prod.hosts.ooklaserver.net | tcp |
| GB | 51.148.82.21:8080 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | tcp |
| GB | 193.3.26.19:8080 | speedtest.upp.com.prod.hosts.ooklaserver.net | tcp |
| GB | 188.94.45.252:8080 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | tcp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| US | 8.8.8.8:53 | cdn.krxd.net | udp |
| US | 151.101.2.133:443 | cdn.krxd.net | tcp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| GB | 2.19.169.14:443 | stags.bluekai.com | tcp |
| US | 8.8.8.8:53 | 171.42.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.106.2.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.246.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.215.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.30.29.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3592_CVDULAVDZXBUGIYD
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\Aurora X [by RyosX].rar
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Desktop\Aurora_V2.rar
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\Desktop\Aurora_V2\Aurora.exe
C:\Users\Admin\AppData\Local\Temp\conhost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\main\main.bat
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\main\file.bin
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
\Users\Admin\AppData\Local\Temp\main\7z.dll
C:\Users\Admin\AppData\Local\Temp\main\7z.dll
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
\Users\Admin\AppData\Local\Temp\main\7z.dll
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
C:\Users\Admin\Desktop\Aurora_V2\scripts\scripts.dll
\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xclen0n2.mg0.ps1
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\kwweifjdskdv\kwweifjdskdv.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 5abd85bde6ef676c9a36a345014f9bbf |
| SHA1 | 090c86546d557ad0f0f47c942d0322e05d201459 |
| SHA256 | fdd10e530931247c3012021eb869515eeebc0814c5a41b904dbc01458c3d06f0 |
| SHA512 | b8d729a64f3ce1116d12f3418db29553de1353a68c5534d2a675118c644d784c359366cf38fd2da625793171a201abdac26e621fcf2968f6c559da1c29e2a387 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13353773774712138
| MD5 | 5dda46a0d8d6bcd65ab49a25cd2cdfad |
| SHA1 | d144cebef45f64caa0277b042defa10b4cec6f01 |
| SHA256 | 52654e9fc8522325c469744d142056c633f754228d8b2fc97a7576b2d7bb200a |
| SHA512 | 33d0ada6aa3798fd6106511f27a34964f9f46f89e06fd5f776f9f6b140d58e66e7af28ccc677a230c75a71bed35f2246391c1d23999f615a1e5474dbb1777802 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 207a51542be0d62469615eda4e764ce0 |
| SHA1 | 8baab7805b5b736e0d870ff68504463196d2696b |
| SHA256 | f2fe6acc3a755ae7438c1ee009642b2770dea932be3075a6c67a7b9f400cf59d |
| SHA512 | 26ad257127d33e3923c68e8a764e1897b2272e88e1527f3634f13a7e675a68f33895c55011d2152ca1e217a4dc8e4e294eb04addcb2298aaff517cc4c6512305 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | f67700ce718fc50748cab758d26f0583 |
| SHA1 | 8dfc9a2a0d6d5d059cf829c69b562689daed317f |
| SHA256 | 512eadbe2ee8f427637d7a954b1ea6fb234428058975d272e3a1dcadc7c9f65b |
| SHA512 | 733973a07bc77a1d3300e45cc648e0383575e7100a9d4854531a8539c4f38d7990aa59ae7efd4c71cfa8e1f76e3347f821d4efd142209a88f57d92fbc735da18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 0aa0bdc51b83576e3552ce8c99792042 |
| SHA1 | 89bf8b2d200ec205a251739ada767b99ad11e800 |
| SHA256 | 455d8766fe5effb9214be345241ff3fd45c213487df5a5c2483130f4b5ce29ee |
| SHA512 | 9bc90d0591b2f7af172cc5a90653cafb3927bdfb96ce37e2182c840530848fd44954dd3a59667a9957abaac5b381b17b48a8b12e18c4d5546197965e855b81f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
| MD5 | 32306aff7f2269e8c5111e72182be578 |
| SHA1 | 7d1259589193567080c7b2dab771a5da1e31621a |
| SHA256 | 348b5d18a508ddaa7d9461d8a696c58fc356ad335e5c37ad55f45f872206b241 |
| SHA512 | 905814d738ab3d410fb2bb474f9a25d3bd92a57b435c38d9d4822196fc00612aeedbd7625fc50435a2b7e301ae9dc583ca48f80b3d030e3611f36bb83b167069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 8046b6c1a00092bee4e978867f8f1b90 |
| SHA1 | c067f56dd246512d228ce0c53d870a56be71fdea |
| SHA256 | 11c44355213885b378121df5504ed0b9fa9375f1d4cc3af5c8f8c15e7f71c208 |
| SHA512 | a650313741bfe9f174086a03c2b8ca5b4c736b92f6c45420f0995fd8ec62c5305e5b24fdc9f752e56f6b28fab7e0150df2e111b0a2c79f81e2e37834002be53f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | e0f498ac244f907c18c6d7b2ad9a5f28 |
| SHA1 | fe07b83dc81844e433feb117fbd25aebefe83e68 |
| SHA256 | 6f94c5496bc11ce18b38816cd562a80bacab0468e5e3e2699f2142243d39ffec |
| SHA512 | 3d82075298b29ec74cf64416e511a8607442c066c941565cec9cc10b58a0d71b241f5dc0a6cb365a7635a2b7508c48f27d0ac348563becf88aa14d1eaef99577 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 4cf150197b1c6522d289f73ffe25e7e7 |
| SHA1 | ca5b1e69c94f828a9c5953a4da5acd4cc25a2765 |
| SHA256 | 02c5c5a4b56933e01cb1972afd2fb95536e5dd789892b195091b33d56176bc49 |
| SHA512 | 268aa62121ae79f960b7b9640bc4e30fd4e315b57b7e9619d3c1c99c5b5276665f1566e2b08b1bb1e0cde3af3e14b2fe00f826f7ebb6463efc59a7f0c0af97f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 5537af63387cf44c4ce7b229b28eb828 |
| SHA1 | c2aa68d517a2b9cc14ebdd5ff94e45f7b6b85363 |
| SHA256 | f9340ce71902fd6401510eeebcb9b4de61ab9cf33ca23d4c09e9b0238e495c36 |
| SHA512 | c4497303339e74941ecca522eb082a7fb758e004de4db693836dd25d250628559fde75d599e51e78a8ce899b03dfb4ad5272796922a920d22589c267bd014919 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 0780e066f709e3d1d21b5c5b4b8be509 |
| SHA1 | eeebbe6b5cc23727e1c70f68fd8994945f20c821 |
| SHA256 | b317826793287219645e73fbe990d4377514e4996e335410b6d36ccf29afc7e9 |
| SHA512 | 981e2893a99d22073837bf2f6f831e6589ee362af1aacb95feb139dcf91269461c2da469f8b85808da6ce9cf2a0b8e48cacefc2bfb4d13441cb931c313cbccd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | c4558412736e9dd6cedf72ff5eddc697 |
| SHA1 | b40787b86bff27a82ea5b36df173c04efab7f1df |
| SHA256 | 99be80224442e57f20432db4e00b9df542874b7b6a741c87f312a10b2c285730 |
| SHA512 | 940754fddd21cc3661715f3fac120faa93444fe136f20e48d33287243fe7da4a9694d7c23627e413fdda7534fe13d52d98df1ef1f43268280f1ee859ee848d82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | dcef0c64a9f00c4fb359e96c02572bb7 |
| SHA1 | e719dbb98c2227e128c5afcf4dfe39b779f21ef2 |
| SHA256 | 508a92d614bdb3ab04c15b562d2b1f059d0fef58b5e811e06d1b9dc6a8c83e11 |
| SHA512 | 2b9b927d42cba357d37106fee4c807a6463fd8c324d88ee5e330bdd6943071e58c50bb8f8a377494a984395758ca82bb5285b3efa9c2c51cd1c953c920f02a32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 0ec655159ccd5110aa66f115ebae5efa |
| SHA1 | 4ef643ac97f4bcb651058ff3eadc6c8e5a8b0eb1 |
| SHA256 | 060cdec6666a5d48518e47254435d91e6627b2152d9bd18c271ff119f353ca6e |
| SHA512 | 89572b4489d98830cf2b30fa4206b7cc274e5b052d02fc3de7bf52a8e39585adf9e682cc5cef76dd786e3018264a2f4d7922a5a716780025e670c044533319ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9e5aa35ae6b25399ac7523e26cef77a6 |
| SHA1 | 6ff271eb37dffabd1de15c6529bbccc4287dc9a7 |
| SHA256 | 3562b30858b8b82c430ca85d6f064aacce69818e0cf14593ffe3bc6888d20752 |
| SHA512 | fcf6b48f630805d2cad93e90a589fc50c1558e10562227e981d79bc0ef241f1a94dacff9b9947168eec87e0e4886ae6f8510272e4b91c713217e0b220fae2152 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f962ef84fe7709fb9feff47fb4a6fb0 |
| SHA1 | 2332e39e10067b40a423674f83d5ce4c7ee37d28 |
| SHA256 | 49fb002446abc543a7f08eae2cb92114af8bfcf81863f278cd3dbc3909fe3c9f |
| SHA512 | 74e025a992139d10f60e26d1b90d0aea03e530d1ee124c98bf43d2524c3d196119012977a44f6f6f956bedadfb0aecf6a4a8ff602be2fcf52e54be3e10fafcd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 86c7600be15e3cda4254e2af0f6b2708 |
| SHA1 | cab042776d11cbed02aaec4991aa44a340a08819 |
| SHA256 | be2d43b7e07a9197b262ea8229645b0edf991d622ebf5273f58040f1822139d7 |
| SHA512 | 80c8a2e3f39d3852d7e98097174f94551dfb411b082155fda6577b4e5e8c1ad162cd50f68b7a848794fa32396af4b355b1d309a1047adc716de13b1fb70df11d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8e5b246a2ce4af5a3e416802df3eba13 |
| SHA1 | 0eaa8bf19b6a5162135b17a724d6dd51b07d9cea |
| SHA256 | d14232f9070ffdef50323448ab2a36a4f7dee060287730537ea4aa29bbf70c53 |
| SHA512 | 490e0b605e13edd97d4073bba89f07e7d94ca6032675ae12bbfb8e0a1532ec665822df633abcaccb90f03a5e8e5fef7093e172367b466841856a5202c294fd48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c841565fc28909757e94c99cf2e3b9f5 |
| SHA1 | 8e206df702c5d3b4445afc10bfc485dcbc6e2a26 |
| SHA256 | 350deb03b4a9f6d13315a71570d26db54adaa03720ecdd9558ef40510cd7879e |
| SHA512 | a0f5058f788a8a9cb287d2a70aebff32374f918286dab93ec240ff0c906df126ab2f95667a311ba5b12d09fdba7e6c59b828949025d40a009dae21bb39710439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f310d07ae7de1c5271d42c5985b4e50d |
| SHA1 | 6d755982245344011da510139ab03036f0e96b1b |
| SHA256 | 6a4f3a7a84634ea2dfa3017046b35640402ba741b97f96130363c3bb0f8eb5e7 |
| SHA512 | 7df745312c88489de094c2141b1fba7ea09b26f5cbef7568346f8b7f530603db3ab5c05c741e65457ef5987c838311ddf6c3b7d47220f3f58ab88864cf9dbc49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/436-1120-0x000002673A380000-0x000002673A390000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4ZT7HBN4\favicon[1].ico
| MD5 | 9c9964c95355aab3c179df77b9b9e558 |
| SHA1 | 50e995f391853ed2b651a0c0ff5a2ee6a2421a21 |
| SHA256 | 8f80f6042654d323d0b9012e5a66e6824c277cd9ba49a2bd997333e186aa2ac4 |
| SHA512 | db7c9ff754284dbfb6e90d0c666eddf41454373659c95551bec84fb8bae092585e113685770f4c61a88743ede45a6e05dde65a95a06f9fcd160ed0cf210e99a6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9708DEBD98BDFC96.TMP
| MD5 | 3fb6631fcd049ae2c4812896745ff507 |
| SHA1 | 6e839c4f65ac0911899e40749c90a5306c222902 |
| SHA256 | 5a06a5c3c51ddeeb3cbead4fe0bb9bdc1099cd88bacbd937b040041b210d20f9 |
| SHA512 | 2963a3515762b232f5fe86196a940e6646099fdc399259f217710c3087179572ce1e2996c9fbe9e165fa26ea02e8dbb118c31548286692c4991a0eaebbd9562d |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 98df921f667bf303621c789390ed9f2e |
| SHA1 | d9c82e51534cf1c2eb5a255286de6a09ca364d1a |
| SHA256 | 8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3 |
| SHA512 | 58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796 |
C:\Users\Admin\AppData\Local\Temp\tmp32359.WMC\allservices.xml
| MD5 | df03e65b8e082f24dab09c57bc9c6241 |
| SHA1 | 6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf |
| SHA256 | 155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba |
| SHA512 | ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99 |
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d0bd61af-d41c-44a9-886d-14f4e9de7429.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d3f0fa4addb8ef7165485d2344bac5a6 |
| SHA1 | a07095a02b8f822fb6d5104a6136dd7aab16d84c |
| SHA256 | 648b2bf395a7428e1068a21e82cda31331d2b5200d9e8d499939cf9ecc8e705a |
| SHA512 | 49a6356b26f3966fbc380ef519dc4e5a3f05fcdd4ec2c6b2ab043b882f456110256dea732edb4814385ff72350f27610fb7f3e38979e255a0274449d02db49e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c541bf28a2e9d645019ca399419f85bc |
| SHA1 | 838f8ba72f2c88ac534463342c328ead622318fd |
| SHA256 | 79e037a4b6b84bc9508ad40f180280f582214e1ddf352c41f5c9328ba633ab04 |
| SHA512 | fbe9a7c3dd136d6bc3dcb2de1c52621b41f5eca4c0e097480c1cfbd76870988c9a750384e768c74a3677b7144a729ad7f80f1095bd05f961a3bf62f13e47075f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ca809b4b342c9b127d7d11d7d7108ffc |
| SHA1 | cf9bc1d32cc33e33ed735e30362ee06d5572399e |
| SHA256 | 400210d71197238e1cd77fefe0615d80c362d8f347b9d7e6556e4e9caa245c21 |
| SHA512 | 4897bc5167df1ba2bc04e87f6ace5821e183dc8fd3531c54d41bd3beac53232edcfd40221a2f8fe7459581372c6da04fe7c21de15fefc5b111dbb846486138f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 89d79dbf26a3c2e22ddd95766fe3173d |
| SHA1 | f38fd066eef4cf4e72a934548eafb5f6abb00b53 |
| SHA256 | 367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69 |
| SHA512 | ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 67050e363b5fe7543996fa974ab86345 |
| SHA1 | b6811ba099f4fc18e366bdbdf08fb8dbb41024d5 |
| SHA256 | b48a82298382905fa11dc5411784a28ffb022dba3c225fd4d5cd38885f2b8dc8 |
| SHA512 | 2d26d66b485bebe77356533e2508a7e0e762a832d6db1d4319c3f834fc44e551991eb14284e03242c9fe11d135801ed7970d5d802ccf0fb414a6a7f7b122dfb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 753e75a765b39a23bef566340b15c4a1 |
| SHA1 | 271117416078f85439b7f748d2bf6e341545706c |
| SHA256 | b7ef6e4d71d219469e4d0044e2d8db504c1c2e33d62ac2a4396690203695e0f5 |
| SHA512 | 50d8121563431f1bedd2629bf4637f704cc9f58530f35ce8c3aaf35192ae15be089b36f5621eaf1af0d5df60bb17dba2859e3dde7ad18b997de85fe1f0407843 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 479cd5967499db3ae5e329fe29d354e4 |
| SHA1 | 79a63478cd7406273361e69eee11ef5f1e4d9284 |
| SHA256 | d50c5d731800493df53e46bb742ca764beb2c875ac63d6e7f4915c9aa9d0979a |
| SHA512 | 952152b49362a215af87555bc54b259c092852fd90e01dc20a341675102f128c71e960b9af968470b97a2a937fd5c9f7b2d04ab048ae89a6c3da6838d84663a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 39770b61e1004479818f5abc7951713b |
| SHA1 | a812f1c5cdac0297be6ea3d62ce8e1c2bcbb0700 |
| SHA256 | 144a3b107e9162d36fe55fff5e99a1e95ff27ec362491778c6846d12d56a0aa0 |
| SHA512 | acb0134e427f711f77ebc09e6f81031ebfb714c7f8560b3ea225047f145bbab26c0cf9ef4e9e81682abbad903b67f58b29034d0c4ab343cb0f1881d053085450 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 40f365f3f37116b78e1e2723a09392f8 |
| SHA1 | 71e8dfe6647534e498cf4dee92bcc9929821de26 |
| SHA256 | 80f7eb7d2df7e347bafb954e6a7a31a88ac0ac6de61229d319922fe1a758e1dd |
| SHA512 | 15d4b658dac4fac7398fe1e49c27ad5ba93fed4be1d4fc806d411d5312910bb13449cb405fd9515be1e11763104f6dbc51329ed85aeebef1cf02fb414a0375f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0cc3f1059048b9c1f9ad2102db83455c |
| SHA1 | ff32a1f5cf207ce8d369b1b9ea6174744a21113a |
| SHA256 | 73510d8b25c5826f7e935106ac5922d804143522b11c128e64fa96c92872569b |
| SHA512 | 610c26cc4cebc3a794335eba6bdd31702fcbf8de93657e2252f5ac817ef0ad6123a762798a9c9bda0393cd5178deac75ad34eef7dc8aec2a25580618151980b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20b3a225a1804c4d91871e53d9f51ebc |
| SHA1 | f154cf6f990c81f555797a1ae644ea3116052a70 |
| SHA256 | 753c0b27445d9b78bd8133f18fe38784f3258205ab131da68a6d43a6324281f5 |
| SHA512 | 94296cac01c7334e6ec8f5dfe2db2e81fe68af68b9e268d8f0b1735238a6a660ea0f75a5219c3efb430991dd63772b6ff19a1e193f233d1e7b55e1f163be7785 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | e1b1b180e0ac6fa588cc6a536e379f84 |
| SHA1 | e850ccdf4ca521e614e6c1bf31e4a2dfe08ae462 |
| SHA256 | 72d84e0126277ef39e8ac647c57330904b3aa34f238ae51b671472db6bfcea0c |
| SHA512 | 2031f73585c9d6c8966ddd65e4534c391dadeccb875b659054f96dd7a6114fa9b2ca99593b0f74cba8b90b358b141404db12d4dafd3d347d248b5034e54cfa01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 836a27034a1f3e576630eda32b9db25f |
| SHA1 | 0fe3018b916259bf151f6f850f55266a676f5a5d |
| SHA256 | af39078e2bc769599623a483d01de8803064f212a0045b293ae38a174ba15671 |
| SHA512 | e9febce32b9535c6c41d3fe6920098e8ae421f152aaa1aa985f2f0969ae129f804b44c0b9a5218be629a403b61b50ddd7eb5d0f42ea720fc18f63ce031b67159 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e08386a29185563569ab4df205c7295 |
| SHA1 | 0682c08a2577ec00c8a84fea279110475296284d |
| SHA256 | 59a7154110f8aac4e8cb6fba544fe676058cb11772df5f77febc9ebbada7f359 |
| SHA512 | d432b3ab8eb20bd4a062b70180587b4aef83aa424c0eb1764c570947a9b8449dba27a2b82ba0e796f89e0d60777edb0c839771a8d7578add16223ec6cd620225 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 52dedffb75ef044d9cc43d039b92f023 |
| SHA1 | 34fca5d1b2db8ec06a20b5fee725584d77fc52e2 |
| SHA256 | e3961b03fba2938507d852405dcd97cf6b2a713474f59d8e8e0c4cf50f3e5280 |
| SHA512 | 32856f62798511131014e849d26db503703f73c478029a9622b3801765f932ba93bfc60088280358b267972364e8f9c125a916a598d15a20fbd33fecfc15c453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e3b13.TMP
| MD5 | eccdd28845e2eacbe7f9cbd6361eb116 |
| SHA1 | a05f2ebc7fc05cdef37e388ca80d27a5557501bd |
| SHA256 | c3588abda3269c343178479d5baecb0b3e6033c9035d4ca7cedb1a73ccbddd39 |
| SHA512 | 07c7da74a997c7e4ecb5c1c6841d4bedb80125249a8f42f0ed206940abbbf9ab53058bdbbec92498dda2eacdb27b1ce0d3377c5a01cf7f3c07ac2cfe9b40722a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b7bc99078eaefbc21bf42e13128c467 |
| SHA1 | 890728007f4a10c3a96b92290cc15d518a96f620 |
| SHA256 | 3dcf3a150541f7605af481147f7cfb9eaf4ed9be7c8746f96848a150191f5bbb |
| SHA512 | 9fdafd673ccb6c4cb23f3924e0a12d72be1b412714dfa1e601b6c107072cc601194a970c25aab2af5f037d862efe59be99b15d0345ecf18b9544669e1a5d3d39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dca8ef097c3e588c6d2586e02674584e |
| SHA1 | 45622d28482f3b5ed34c59acd25f916e881abea2 |
| SHA256 | 42dcf38822d9f445297fe248007b07f2cc4d561761d4ceeb7714a284a90fd10b |
| SHA512 | da6139f115d9d8650b1d5263453138fff20ef658fb547e9fe1d9d78f42bdc5b5260843be5ba86d0726404a30a09ce7efde0243f338d6089e558db93f058ec0ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f61be35e932b1f9bd86a426218971b41 |
| SHA1 | 8e956cf74b8bbf034fca3c291f4ffe3c269f135b |
| SHA256 | 2727f7573b45831e22843d87972e870338ac522838a77ee6e80fc05cf6f8b2ce |
| SHA512 | aaa7c808e88e8c61b5e86cc2b4656277212da058b2c9c94d347e5024fdedadbf2b1bc3ba2b309c60e0bd0c8589511c91cab19795b0586b8f226fa8548fa4295b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 414daae6d97ad3a72b48d2bf6fff927b |
| SHA1 | 807e3029ec0ffd50e97664a0b90481e0b0676bfd |
| SHA256 | 5fc08f6833a54ae39c4e88cf45983e0d723816d93b99fbda566235f2ba230a5e |
| SHA512 | 34bc49da739c030ea5084fa7fc843b4c7762dfb872f723eaad168ecbe800686f7a3eda1f3b6cad5ec28d83d799de7b7e0291cf9b5cb17b3c7401b51c928d4799 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b6f6b8f32cba2cb94142352078e1125 |
| SHA1 | 0d0336e87f5fe23754e2c6858027bcf0b918ebdf |
| SHA256 | 65e58498caefd84e2aaf55061a11522475a26852c965090d73c1e36275a67cd0 |
| SHA512 | fd76313ab53b801faaebd162c7ce177bfca585bdec2c0379e83c60fe17b8b136764c7a608171db4febfbef9bd4d476dce51bffe25638658c7eb75329d5c1962b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a91c093298b20943b1b1892ff7c6c63e |
| SHA1 | 2d8716b7d7b164ef34ccd5e2a7ac1971616aa3b6 |
| SHA256 | 3afd922494e23e9ef6c1ec4021cb17e8590ffed6830150876d1093a77f3761a0 |
| SHA512 | e1148319456c5e06867a8abfdafa3aca7b115df2a7b6aa2485f03ade9d1a444e24eb640d537ad403eb136f9488bce7ab1715dbbe786610eb2fc1c1c6483f8b4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 44e89f402119563e312da2dae88742d0 |
| SHA1 | fe7a1a5e7244b1f79a64f41a691b2184dc743eff |
| SHA256 | 312d92ee9565654707db383f35f7c6e4b905d9b8d938e3f620a38c1097c142dc |
| SHA512 | bbbd9bb1660af718dca0630ac1cea9517b961901e6fd9e75ee88f50912ea2fc27d3220bc7fb9c176d05cc8374f7a0403449b5cc92b124a386f14c4977ad60829 |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
| MD5 | 17dbc9730975ce24b6f513691ed01d17 |
| SHA1 | 316bdafc9d850b7dcaae4333f213c4b9151c628d |
| SHA256 | 106175b878e97faf8f43312af6e4b00fec2921c3a63e0bbb3cf5cf906820c800 |
| SHA512 | e1e85884c753322caea62cd45c8e932fb4b2bd02c1ff9f94cd6555485294982eba46217d682be67b3a052ef70217ad6ed98c6d58207cc2c54437aea4104a5ef9 |